Publication number: 0 402 301 A1

EUROPEAN PATENT APPLICATION

Application number: 90610039.1
Int. Cl.: H04L 9/00
Date of filing: 07.06.90
Priority: 07.06.89 DK 2730/89
Date of publication of application: 12.12.90 Bulletin 90/50
Designated Contracting States: AT BE CH DE DK ES FR GB GR IT LI LU NL SE

Applicant: KOMMUNEDATA I/S, Vester Søgade 10, DK-1601 Copenhagen V (DK)

Inventor: Bjerrum, Jørgen, Hammesbrovej 1, DK-5883 Oure (DK)
Inventor: Ottosen, Steen, Æblegrenen 183, DK-5220 Odense SØ (DK)
Inventor: Nielsen, Sven Kjær, Galgebakken Skrænt 1-9, DK-2620 Albertslund (DK)

Representative: Nielsen, Henrik Sten et al, Plougmann & Vingtoft, Sankt Annæ Plads 11, P.O. Box 3007, DK-1021 Copenhagen K (DK)

A method of transferring data, an electronic document or the like, a system for transferring data, an electronic document or the like and a card to be used in accordance with the method

When transferring data, an electronic document or the like from a first computer system (100) to a second computer system (200) via a data transmission line (300), e.g. a public data transmission line, a first output and input station (122) comprising a first electronic card (124) and a second output and input station (222) comprising a second electronic card (224) are used. The data is transferred to the first electronic card (124) from the first computer system (100) via the first station (122) and is encrypted in the first electronic card (124), whereupon the data is output from the first electronic card (124) in encrypted form and transferred via the first station (122) to the first computer system (100) and therefrom to the data transmission line (300).

The data is received by the other computer system (200) in encrypted form and is transferred to the second electronic card (224) via the second station (222), whereupon the data is decrypted in the second electronic card (224) and is output from the second electronic card via the second station (222) to the second computer system (200). As the data transfer between the first and the second computer system is carried out between the first and the second electronic card, no third party, authorized or not, has any possibility of interfering with the data transmission and possibly changing the data or the electronic document. The first and the second electronic card (124, 224) constitute a coherent set of cards comprising coherent encryption/decryption keys input into the internal storages of the cards.
A METHOD OF TRANSFERRING DATA, AN ELECTRONIC DOCUMENT OR THE LIKE, A SYSTEM FOR TRANSFERRING DATA, AN ELECTRONIC DOCUMENT OR THE LIKE AND A CARD TO BE USED IN ACCORDANCE WITH THE METHOD

The present invention relates to a method of transferring data, an electronic document or the like from a first computer system to a second computer system via a data transmission line, e.g. a public data transmission line.

Several techniques and standards are known for transferring data, electronic documents or the like from a first computer system to a second computer system via different data transmission lines such as high speed communication lines, private or public data transmission lines, etc. If the data transmission line itself is not secured against third parties, with or without authorization, being able to tap the data or the electronic document transferred via the data transmission line, it is a conventional technique to encrypt the data or the electronic document in accordance with encryption/decryption techniques well known per se, which techniques may comprise either symmetrical or asymmetrical encryption algorithms, secret or public keys. In this context reference is only to be made to the well-known DES algorithm (Data Encryption Standard), developed by IBM in cooperation with the National Bureau of Standards (NBS), USA. As an example of a data/document exchange protocol, mention is here to be made of the data/document exchange protocol LECAM developed by FRANCE TELECOM in connection with the Minitel computers used widely in France, in accordance with which the data/document transfer may take place in encrypted and non-encrypted form (further specifications of the protocol are given in S.T.U.C.A.M. - Spécifications Techniques d'Utilisation du LECAM, Décembre 1987, FRANCE TELECOM, Télétel). Such an encrypted data transmission presupposes, however, that the transmitter and the receiver can agree to establishing a mutual set of encryption/decryption keys, as the parties involved, transmitter and receiver, invariably have to reveal details concerning security levels, etc. Such an agreement requires, however, that both transmitter and receiver fully trust the other party. Even if the two parties, who are to make a transfer of data or a transfer of one electronic document from a first computer system to a second computer system, can agree to such an exchange of encryption/decryption keys for use in connection with an encryption/decryption algorithm agreed upon, not even such an encrypted data transmission ensures that the data or the electronic document sent from the first computer system is received correctly by the second computer system, as it will be possible to manipulate the data or the electronic document in connection with the execution of the encryption algorithm in the first computer system, just as the receiver after decryption can manipulate the data or the electronic document. Such an encrypted data transmission does not in itself ensure that the transfer taking place is the intended or desired transfer of the data or the electronic document, i.e. that the data or the electronic document received by the second computer system, in the form in which it exists in the second computer system after transfer, is identical to the data or the electronic document sent from the first computer system. Neither does such an encrypted data transmission via a public or private data transmission line in itself ensure that the two computer systems communicating with each other are the correct intended parties of the communication.

The object of the present invention is to provide a method of the type defined above, according to which method it is possible to establish immediately a secure data or document transfer between two computer systems without having to exchange encryption/decryption keys between the computer systems, reveal details concerning security levels, etc., and according to which method it is ensured that the desired data or document transfer actually takes place, as it is ensured that it will not be possible for either of the parties or for a third party to interfere with the data or document transfer. The object of the present invention is thus more explicitly to provide techniques ensuring that at the transfer of data or an electronic document from a first computer system to a second computer system via a data transmission line, e.g. a public data transmission line, it is guaranteed that the data or the electronic document received by the second computer system is identical to the data or the electronic document sent from the first computer system and vice versa.

This object is obtained in accordance with the invention by means of a method of the type defined above, which method in accordance with a first aspect of the invention is characterized in that for said transfer

a first station is used for outputting data from and inputting data into a first electronic card, said first station being connected to and communicating with said first computer system and furthermore being connected to said data transmission line via said first computer system and interfacing means, and a second station is used for outputting data from and inputting data into a second electronic card, said second station being connected to and communicating with said second computer system and furthermore being connected to said data transmission line via said second computer system and interfacing means,

said first and second electronic card each comprising a central data processing unit, an internal storage means, an input/output gate for communication with said corresponding station as well as an encryption/decryption means and together constituting a coherent set of cards comprising coherent encryption and decryption keys input into said internal storages of said cards,

said data or said electronic document being transferred to said first electronic card from said first computer system via said first station and said input/output gate of said first electronic card, being input into and being temporarily stored in said internal storage of said first electronic card,

said data or said electronic document being output from said internal storage of said first electronic card and being encrypted in said first electronic card by means of said encryption/decryption means of said first electronic card and said encryption key(s) stored in said internal storage of said first electronic card,

said data or said electronic document being output from said first electronic card in encrypted form via said input/output gate of said first electronic card and being transferred via said first station to said first computer system and being transferred therefrom via said interfacing means of said first computer system to said data transmission line,

said data or said electronic document being received by said second computer system in encrypted form via said interfacing means of said second computer system, being transferred to said second electronic card via said second station and via said input/output gate of said second electronic card, being input into and temporarily stored in said internal storage of said second electronic card,

said data or said electronic document being output from said internal storage of said second electronic card in encrypted form and being decrypted in said second electronic card by means of said encryption/decryption means of said second electronic card and said decryption key(s) stored in said internal storage of said second electronic card, and

said data or said electronic document being output after decryption in said second electronic card from said second electronic card and output to said second computer system via said input/output gate of said second electronic card and via said second station.

In accordance with the first aspect of the invention, the data or document transfer from the first computer system to the second computer system is established by means of two coherent electronic cards, which by themselves ensure the necessary data transmission security during data transmission in encrypted form, as the use of two coherent electronic cards at the same time, relative to both transmitter and receiver, guarantees that the data or the electronic document output from the second electronic card is identical to the data or the electronic document input into the first electronic card.

As the data transfer between the first and the second computer system is carried out between the first and the second electronic card, no third parties with or without authorization are able to interfere with the data transmission and change the data or the electronic document. As will be clear, this data or document transfer in accordance with the teaching of the invention is possible without having to make any other modification in the connection between the first and the second computer system than the supplementing (which is characteristic of the invention) of both the first and the second computer system with associated input and output stations, which are used for input and output of data in the respective electronic cards belonging to the coherent set of cards. Such a coherent set of cards can be issued immediately, hired out or sold by a neutral and outside card issuer, who thus, without either transmitter or receiver having to provide information about data transmission secrets such as encryption algorithms, security levels, etc., can enable the transmitter and the receiver to transfer data or electronic documents between the corresponding computer systems without any risk that the data or the electronic document received by the receiver is not identical to the data or the electronic document sent by the transmitter.

In accordance with the present invention it is furthermore possible to ensure that the transfer takes place between computer systems the authenticity of which is verified relative to one another, as a verification of the authenticity of the first electronic card relative to the second electronic card and vice versa is preferably made prior to the transfer of the data or the electronic document from the first computer system to the second computer system.

In accordance with the method according to the invention it is furthermore possible to verify that the data or document transfer is correct, i.e. to verify that the data or the electronic document received by the receiver or the second computer system is identical to the data or the electronic document sent from the first computer system, as in accordance with the invention a verification of the integrity of the data or document transfer is preferably made at the transfer of the data or the electronic document from the first computer system to the second computer system.

The utilization of a coherent set of electronic cards, which is characteristic of the invention and via which the data and document transfer takes place, makes it possible for the data or document transfer to proceed completely autonomously without any possibility of interference or corruption from the computer systems involved or from persons, including operators, who with or without authorization try to change the data or the electronic document being transferred, as in accordance with the method of the invention the inputting into, the outputting from, the encryption and the decryption and possibly the authenticity and integrity verification are preferably controlled autonomously by the central data processing unit of the individual card.

In accordance with a special aspect of the present invention, the actual transfer of the data or the electronic document between the first and the second computer system is preferably made in accordance with the above-mentioned LECAM protocol either in encrypted or decrypted form.

According to a first embodiment of the above described authenticity verification it is preferred that

a first set of data is generated in said first electronic card, said set of data being input into and stored in said internal storage of said first electronic card and being encrypted in said first electronic card by means of said encryption/decryption means of said first electronic card and said encryption key(s) stored in said internal storage of said first electronic card,

said first set of data being output from said first electronic card in encrypted form via said input/output gate of said first electronic card, being transferred via said first station to said first computer system and being transferred therefrom via said interfacing means of said first computer system to said data transmission line,

said first set of data being received by said second computer system in encrypted form via said interfacing means of said second computer system, being transferred to said second electronic card via said second station and via said input/output gate of said second electronic card, being input into and temporarily stored in said internal storage of said second electronic card,

said first set of data received by said second computer system in encrypted form being output from said internal storage of said second electronic card and being decrypted in said second electronic card by means of said encryption/decryption means of said second electronic card and said decryption key(s) stored in said internal storage of said second electronic card,

said first set of data received by said second computer system in encrypted form and decrypted in said second electronic card being input into and stored in said internal storage of said second electronic card,

a second set of data being generated in said second electronic card, said second set of data being input into and stored in said internal storage of said second electronic card,

a first combination of said first set of data received by said second computer system in encrypted form, decrypted and stored in said internal storage of said second electronic card and said second set of data stored in said internal storage of said second electronic card being generated in said second electronic card, said first combination being input into and stored in said internal storage of said second electronic card,

said first combination being encrypted in said second electronic card by means of said encryption/decryption means of said second electronic card and said encryption key(s) stored in said internal storage of said second electronic card,

said first combination being output from said second electronic card in encrypted form via said input/output gate of said second electronic card, being transferred via said second station to said second computer system and being transferred therefrom via said interfacing means of said second computer system to said data transmission line,

said first combination being received by said first computer system in encrypted form via said interfacing means of said first computer system, being transferred to said first electronic card via said first station and via said input/output gate of said first electronic card, being input into and temporarily stored in said internal storage of said first electronic card,

said first combination received by said first computer system in encrypted form being output from said internal storage of said first electronic card and being decrypted in said first electronic card by means of said encryption/decryption means of said first electronic card and said decryption key(s) stored in said internal storage of said first electronic card,

said first combination received by said first computer system in encrypted form and decrypted in said first electronic card being input into and stored in said internal storage of said first electronic card,

said first combination stored in said internal storage of said first electronic card being decombined for producing a first set of data retransmitted to said first electronic card and a second set of data transferred to said first electronic card,

said first set of data retransmitted to said first electronic card and said second set of data transferred to said first electronic card being input into and stored in said internal storage of said first electronic card,

said first set of data stored in said internal storage of said first electronic card being compared to said first set of data retransmitted to said first electronic card and stored in said internal storage of said first electronic card for verification of identity between these sets of data for verification of the authenticity of said second electronic card relative to said first electronic card,

a third set of data being generated in said first electronic card, said third set of data being input into and stored in said internal storage of said first electronic card,

a second combination of said second set of data received in encrypted form by said first computer system, decrypted and stored in said internal storage of said first electronic card and said third set of data stored in said internal storage of said first electronic card being generated in said first electronic card, said second combination being input into and stored in said internal storage of said first electronic card,

said second combination being encrypted in said first electronic card by means of said encryption/decryption means of said first electronic card and said encryption key(s) stored in said internal storage of said first electronic card,

said second combination being output from said first electronic card in encrypted form via said input/output gate of said first electronic card, being transferred via said first station to said first computer system and being transferred therefrom via said interfacing means of said first computer system to said data transmission line,

said second combination being received by said second computer system in encrypted form via said interfacing means of said second computer system, being transferred to said second electronic card via said second station and via said input/output gate of said second electronic card, being input into and temporarily stored in said internal storage of said second electronic card,

said second combination received by said second computer system in encrypted form being output from said internal storage of said second electronic card and being decrypted in said second electronic card by means of said encryption/decryption means of said second electronic card and said decryption key(s) stored in said internal storage of said second electronic card,

said second combination received by said second computer system in encrypted form and decrypted being input into and stored in said internal storage of said second electronic card,

said second combination stored in said internal storage of said second electronic card being decombined for producing a second set of data retransmitted to said second electronic card and a third set of data transferred to said second electronic card,

said second set of data retransmitted to said second electronic card and said third set of data transferred to said second electronic card being input into and stored in said internal storage of said second electronic card, and

said second set of data stored in said internal storage of said second electronic card being compared to said second set of data retransmitted to said second electronic card and stored in said internal storage of said second electronic card for verification of identity between these sets of data for verification of the authenticity of said first electronic card relative to said second electronic card.

In this authenticity verification the first, the second and the third set of data serve in a unique and logical way relative to the first and the second electronic card to verify that the transfer of data or the electronic document has taken place correctly, and thus that the data or the electronic document which is received by the second electronic card is identical to the data or the electronic document sent by the first electronic card, and further to ensure that the transmitter and the receiver are authorized transmitter and receiver, respectively, and also that the transmitter and receiver are what they pretend to be.

According to a first embodiment of the invention the integrity verification is made by

a compacted version of said data or said electronic document being generated in said first computer system or said first electronic card, said compacted version being input into and stored in said internal storage of said first electronic card,

a compacted version of said data transferred to said second computer system or of said electronic document transferred to said second computer system being generated in said second computer system or in said second electronic card, said compacted version being input into and stored in said internal storage of said second electronic card,

said compacted version stored in said internal storage of said first electronic card being output from said internal storage of said first electronic card and encrypted in said first electronic card by means of said encryption/decryption means of said first electronic card and said encryption key(s) stored in said internal storage of said first electronic card,

said compacted data or document version encrypted by said encryption/decryption means of said first electronic card being output from said first electronic card via said input/output gate of said first electronic card, being transferred via said first station to said first computer system and being transferred therefrom via said interfacing means of said first computer system to said data transmission line,

said encrypted and compacted data or document version transferred from said first computer system being received by said second computer system via said interfacing means of said second computer system, being transferred to said second electronic card via said second station and via said input/output gate of said second electronic card, being input into and temporarily stored in said internal storage of said second electronic card,

said compacted data or document version received by said second computer system in encrypted form being output from said internal storage of said second electronic card and being decrypted in said second electronic card by means of said encryption/decryption means of said second electronic card and said decryption key(s) stored in said internal storage of said second electronic card,

said decrypted, compacted data or document version received by said second computer system in encrypted form and decrypted by said second electronic card being input into and stored in said internal storage of said second electronic card,

a comparison of said compacted data or document version stored in said second electronic card and said decrypted, compacted data or document version received by said second computer system in encrypted form and decrypted being made in said second electronic card for verification of the integrity of or identity between said data transferred from said first computer system and said data received by said second computer system or of the integrity of or identity between said electronic document transferred from said first computer system and said electronic document received by said second computer system.

According to a further and alternative embodiment of the invention the integrity verification is made by

a compacted version of said data or said electronic document being generated in said first computer system or in said first electronic card, said compacted version being input into and stored in said internal storage of said first electronic card,

a compacted version of said data transferred to said second computer system or said electronic document transferred to said second computer system being generated in said second computer system or in said second electronic card, said compacted version being input into and stored in said internal storage of said second electronic card,

said compacted version stored in said internal storage of said second electronic card being output from said internal storage of said second electronic card and encrypted in said second electronic card by means of said encryption/decryption means of said second electronic card and said encryption key(s) stored in said internal storage of said second electronic card,

said compacted data or document version encrypted by said encryption/decryption means of said second electronic card being output from said second electronic card via said input/output gate of said second electronic card, being transferred via said second station to said second computer system and being transferred therefrom via said interfacing means of said second computer system to said data transmission line,

said encrypted and compacted data or document version transferred from said second computer system being received by said first computer system via said interfacing means of said first computer system, being transferred to said first electronic card via said first station and via said input/output gate of said first electronic card, being input into and temporarily stored in said internal storage of said first electronic card,

said compacted data or document version received by said first computer system in encrypted form being output from said internal storage of said first electronic card and being decrypted in said first electronic card by means of said encryption/decryption means of said first electronic card and said decryption key(s) stored in said internal storage of said first electronic card,

said decrypted, compacted data or document version received by said first computer system in encrypted form and decrypted by said first electronic card being input into and stored in said internal storage of said first electronic card,

a comparison of said compacted data or document version stored in said first electronic card and said decrypted, compacted data or document version received by said first computer system in encrypted form and decrypted being made in said first electronic card for verification of the integrity of or identity between said data transferred from said first computer system and said data received by said second computer system or of the integrity of or identity between said electronic document transferred from said first computer system and said electronic document received by said second computer system.

In accordance with the presently preferred embodiment the integrity verification is, however, made by transferring a compacted data or document version from the first electronic card to the second electronic card as well as from the second electronic card to the first electronic card and comparing both transferred, compacted data or document versions to the stored, compacted data or document versions in the two electronic cards.

According to alternative embodiments of the method according to the invention, said alternative embodiments constituting combinations of the authenticity and integrity verifications, said transfer of said compacted data or document version generated in said first computer system or in said first electronic card from said first electronic card to said second electronic card is made simultaneously with said transfer of said data or said electronic document itself, said data or electronic document and said compacted data or document version being combined and encrypted as a whole before said transfer, or alternatively said transfer of said compacted data or document version generated in said second computer system or in said second electronic card from said second electronic card to said first electronic card is made simultaneously with a retransmission of said data or said electronic document received from said first electronic card from said second electronic card to said first electronic card, said data or electronic document to be retransmitted and said compacted data or document version being combined and encrypted as a whole before said transfer.

According to a combination of these alternative integrity and authenticity verifications, a simultaneous retransmission of said compacted data or document version received by said second electronic card and generated in said first computer system or in said first electronic card is made at said transfer of said compacted data or document version generated in said second computer system or in said second electronic card and said retransmission of said data or said electronic document from said second electronic card, both compacted data or document versions and said data or said electronic document to be retransmitted being combined and encrypted as a whole before said transfer.

The above stated objects are alternatively obtained in accordance with the invention by a method of the type defined above, which method in accordance with a second aspect of the invention is characterized in that for said transfer

a first station is used, which is secured against illegal entry, i.e. a so-called "tamper-proof" station, for outputting data from and inputting data into a first card, said first station being connected to and communicating with said first computer system and furthermore being connected to said data transmission line via said first computer system and interfacing means, and said first station having a central processing unit, an internal storage, an input/output means for outputting data from and inputting data into said first card as well as an encryption/decryption means, and

a second station is used, which is secured against illegal entry, i.e. a so-called "tamper-proof" station, for outputting data from and inputting data into a second card, said second station being connected to and communicating with said second computer system and furthermore being connected to said data transmission line via said second computer system and interfacing means, and said second station having a central data processing unit, an internal storage, an input/output means for outputting data from and inputting data into said second card as well as an encryption/decryption means,

said first and second card constituting a coherent set of cards comprising coherent data input into said cards concerning said coherent encryption/decryption keys stored in said internal storages of said corresponding stations,

said data or said electronic document being transferred to said first station and being input into and temporarily stored in said internal storage of said first station,

said data or said electronic document being output from said internal storage of said first station and being encrypted in said first station by means of said encryption/decryption means of said first station and said encryption key(s) stored in said internal storage of said first station,

said data or said electronic document being output from said first station to said first computer system in encrypted form, and therefrom via said interfacing means of said first computer system to said data transmission line,

said data or said electronic document being received by said second computer system in encrypted form via said interfacing means of said second computer system, being transferred to said second station, being input into and temporarily stored in said internal storage of said second station,

said data or said electronic document received in encrypted form being decrypted in said second station by means of said encryption/decryption means of said second station and said decryption key(s) stored in said internal storage of said second station, and

said data or said electronic document in said second station being output from said second station after decryption to said second computer system.

This alternative method according to the second aspect of the invention is preferably in accordance with advantageous embodiments of the method implemented in accordance with the above stated embodiments of the method according to the first aspect of the present invention.

The present invention furthermore relates to a system for transferring data, an electronic document or the like from a first computer system to a second computer system, said second computer system being autonomous in relation to said first computer system, via a data transmission line, e.g. a public data transmission line, in accordance with the method according to the first aspect of the invention, which system in accordance with the invention is characterized in that it comprises the first station and the second station, which are connected to and communicate with the first and the second computer system, respectively, and which furthermore via the first and the second computer system, respectively, and the corresponding interfacing means are connected to the data transmission line, as well as the first and the second electronic card, which constitute a coherent set of cards comprising the coherent encryption/decryption keys input into the internal storages of the cards. The coherent set of cards used in this system according to the invention preferably comprises cards of the type DES Smart Card (Philips), Super Smart Card (Bull) or CP8 Smart Card (Bull) or at least a card implemented on a printed circuit card, a thick-film substrate, a thin-film module, etc.

The present invention furthermore relates to a system for transferring data, an electronic document or the like from a first computer system to a second computer system, said second computer system being autonomous relative to said first computer system, via a data transmission line, e.g. a public data transmission line, said system being characterized in that it comprises said first station and said second station, which are connected to and communicate with said first and said second computer system, respectively, and which furthermore via said first and said second computer system, respectively, and corresponding interfacing means are connected to said data transmission line, as well as said first and said second card, which constitute a coherent set of cards comprising said coherent data input into said cards concerning said coherent encryption/decryption keys stored in said internal storages of said corresponding stations. The coherent set of cards, which is used according to the system and the method according to the second aspect of the invention, can be a magnetic card as well as an electronic card which again can be of the above-mentioned type. In accordance with this aspect of the invention, any other medium can furthermore be used.

The present invention furthermore relates to an electronic card comprising a central data processing unit, an internal storage, an input/output gate for communication with an associated station for outputting data from and inputting data into the electronic card as well as an encryption/decryption means, which card according to the invention constitutes a first electronic card of a coherent set of cards comprising the first electronic card and a second electronic card, which electronic cards have coherent encryption/decryption keys and are designed to be used in accordance with a method according to the first aspect of the invention.

The encryption made according to the invention can be made according to any known technique and comprise symmetrical or asymmetrical encryption/decryption algorithms such as DES algorithms, RSA algorithms or the like. The encryption/decryption algorithms can furthermore be combined.

The invention will now be further described with reference to the drawing, in which

Fig. 1 shows a system according to the invention comprising a first computer system and a second computer system communicating with each other via a data transmission line for carrying out the method according to the invention,

Fig. 2 schematically shows the structure of the software of the system shown in fig. 1,

Fig. 3 schematically shows a system according to the invention comprising two computer systems communicating with each other via a data transmission line, and furthermore a mini computer,

Fig. 4 schematically shows an enlarged system comprising three computer systems, which according to the teaching of the invention communicate with each other via a data transmission line, and one of which furthermore communicates with two terminals or Minitels via appropriate interfacing means and the data transmission line,

Fig. 5 shows a block diagram of an authenticity verification, and

Fig. 6 shows a block diagram of an integrity verification.

In fig. 1, a system according to the invention for carrying out the method according to the invention is shown schematically, which system comprises two autonomous computer systems, a first computer system shown in the left-hand part of fig. 1 and designated the reference numeral 100 in its entirety, and a second computer system shown in the right-hand part of fig. 1 and designated the reference numeral 200 in its entirety. The two computer systems 100 and 200 are shown schematically comprising the same types of elements, which for the two computer systems are indicated by the same two last digits of the reference numerals, the reference numerals for elements belonging to the first computer system 100 beginning with the digit 1 and the reference numerals for elements belonging to the second computer system 200 beginning with the digit 2. The two computer systems 100 and 200 thus each comprises an "inhouse" main computer 102, 202, respectively. These main computers 102 and 202 communicate via data lines 104, 204 with terminals or personal computers (PCs) 106, 206, which each comprises a keyboard 108, 208, a computer section 110, 210 and a computer screen 112, 212. The terminals or the PCs 106, 206 furthermore communicate with the associated diskette stations or optical disc store 114, 214 as well as hard disks 116, 216 with associated back-up diskette stations or optical disc store 118, 218. The terminals or the PCs 106, 206 are furthermore via respective data transmission lines 120, 220 connected to respective stations 122, 222 for input and output of data in respective electronic cards or chip cards, so-called Smart Cards, which are indicated by the reference numerals 124, 224.

Together with the associated peripheral equipment comprising the diskette stations or optical disc store 114, 214, the hard disks 116, 216, the back-up diskette stations or optical disc store 118, 218, the associated stations 122, 222 as well as the associated electronic cards 124, 224, the terminals or the PCs 106, 206 are contained in the blocks 126, 226 indicated by dotted lines.

The task or object of the invention is to provide a possibility of transferring data from the first computer system to the second computer system, by which data transfer it is ensured that the data sent is identical to the data intended to be sent, that the data received is identical to the data sent, and preferably furthermore that the transfer only takes place between parties specifically intended to send and receive data, that receipt of the data is acknowledged by the receiver and furthermore that receipt of the receiver's acknowledgement is acknowledged by the sender relative to the receiver. In the following description, the data transfer is meant to take place from the first computer system 100 to the second computer system 200, but it is of course clear that the data transfer can also take place in the opposite direction. According to the invention the data transfer can furthermore consist in an exchange of data between the two computer systems, i.e. comprise a transfer of data from the first computer system 100 to the second computer system 200 and transfer of data from the second computer system 200 to the first computer system 100. Neither of the respective sides of the two computer systems 100 and 200 has any knowledge of security levels, transmission protocols, encryption/decryption algorithms etc. of the other computer system. Via interfacing means contained in the associated terminals or PCs 106, 206 and the associated data transmission lines 128, 228, the two computer systems 100 and 200 are connected to a public data transmission network, which is collectively indicated by the reference numeral 300. Instead of a public data transmission network, e.g. a data network, the data transmission network 300 can be a private network or comprise combinations of public and private computer networks and furthermore via associated modems (modulators/demodulators) be connected to e.g. telephone lines or other signal or transmission lines.

In order to ensure that the above stated requirements for data transfer are met, the data transfer is made by the data to be transferred from the computer system 100 to the computer system 200 first being output from the main computer 102 of the computer system 100 to the terminal or the PC 106 and being transferred to the station 122. From the station 122 the data is transferred to the electronic card 124 via the input/output gate of this card, whereupon the data is processed exclusively by the electronic card 124. Similar to the card 224, the card 124 has, in addition to the above-mentioned input/output gate, a central processing unit or CPU, an internal storage, and an encryption/decryption block which, controlled by the internal central processing unit of the card, is able to encrypt and decrypt the data by outputting data from the card or by inputting data into the card, respectively, by use of one or more encryption/decryption keys input into the card in advance, as will be described in greater detail below in a detailed system/software description. For the transfer of data between the cards, the cards 124, 224 have been issued together and constitute a coherent set of cards being preprogrammed as regards encryption/decryption algorithms and keys in such a way that the cards are able to communicate with each other and decrypt data transferred from the first card to the second card and vice versa.

In the electronic card 124, an encryption of the data input is then made, the encrypted data is transferred via the station 122, the data transmission line 120, the terminal or the PC 106, the associated interfacing means and the data transmission line 128 to the data transmission network 300, from which the data via the data transmission line 228, the interfacing means of the terminal or the PC 206, the terminal or the PC 206, the data transmission line 220 and the station 222 is transferred to the electronic card 224, in which the data is decrypted by means of the encryption/decryption key(s) stored in the card corresponding to the encryption/decryption keys of the card 124. After decryption of the data in the card 224 the data can be output in clear text from the electronic card 224 to the station 222 and be transferred via the data transmission line 220, the terminal or the PC 206 and the data transmission line 204 to the main computer 202. As the data transfer from the first computer system 100 to the second computer system 200 only takes place between the two electronic cards 124 and 224 it is ensured that the data version output from the electronic card 224 is identical to the data version input into the electronic card 124. Hereby it is ensured that the data transferred to the second computer system 200 is identical to data intended to be sent from the first computer system 100, and seen from the point of view of the first computer system 100 it is also ensured that the data version which the computer system 200 has received is identical to the data which was initially sent from the first computer system 100.

In the below system description it will furthermore be explained how an authenticity verification between the two electronic cards 124, 224 is made prior to the actual transfer and furthermore how acknowledgements containing compacted data versions are signed for integrity verification, which acknowledgements are transferred between receiver and sender, i.e. between the card 224 and the card 124.
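The card-to-card exchange stated in the claims above (a compacted data version transferred in each direction and compared against the copy held in each card's internal storage) and walked through for fig. 1, as an added example that is not part of the patent or of any product it names. The `Card`, `transfer` and `keystream_xor` names are assumptions, and a SHA-256 keystream stands in for the cards' DES block so the example runs with the standard library only.

```python
"""Simulated card-to-card transfer with mutual integrity verification."""
import hashlib
import hmac
import secrets

DIGEST_LEN = 32  # length in bytes of a "compacted version" (SHA-256 digest)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed stand-in for the cards' DES block: XOR the data with a
    SHA-256 keystream. It is symmetric, so the same call also decrypts."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def compact(data: bytes) -> bytes:
    """The 'compacted data or document version' of the patent: a digest here."""
    return hashlib.sha256(data).digest()


class Card:
    """One electronic card of a coherent set. Both cards were issued with the
    same key-exchange key; digests live only in the card's internal storage."""

    def __init__(self, name: str, exchange_key: bytes) -> None:
        self.name = name
        self._exchange_key = exchange_key    # preprogrammed by the card issuer
        self.storage: dict[str, bytes] = {}  # internal storage of the card

    def _session_key(self, nonce: bytes) -> bytes:
        # "a new key is used for each transmission": derived per transfer from
        # the card-resident key and a fresh nonce sent in clear with the data
        return hashlib.sha256(b"session" + self._exchange_key + nonce).digest()

    # --- sending card (card 124 in fig. 1) ---
    def send(self, data: bytes) -> tuple[bytes, bytes]:
        """Store own digest, then output data + digest encrypted as a whole."""
        nonce = secrets.token_bytes(16)
        self.storage["own"] = compact(data)
        plain = data + self.storage["own"]
        return nonce, keystream_xor(self._session_key(nonce), nonce, plain)

    # --- receiving card (card 224 in fig. 1) ---
    def receive(self, nonce: bytes, cipher: bytes) -> tuple[bool, bytes, bytes]:
        """Decrypt, compare own digest with the sender's, and return an
        encrypted acknowledgement carrying the receiver's own digest."""
        key = self._session_key(nonce)
        plain = keystream_xor(key, nonce, cipher)
        data, peer = plain[:-DIGEST_LEN], plain[-DIGEST_LEN:]
        self.storage["own"] = compact(data)
        self.storage["peer"] = peer
        ok = hmac.compare_digest(self.storage["own"], peer)
        # the acknowledgement uses a distinct nonce suffix, so its keystream
        # differs from the one that protected the data
        ack = keystream_xor(key, nonce + b"ack", self.storage["own"])
        return ok, data, ack

    def verify_ack(self, nonce: bytes, ack: bytes) -> bool:
        """Sender side: decrypt the receiver's digest and compare with own."""
        peer = keystream_xor(self._session_key(nonce), nonce + b"ack", ack)
        self.storage["peer"] = peer
        return hmac.compare_digest(self.storage["own"], peer)


def transfer(sender: Card, receiver: Card, data: bytes,
             corrupt_in_transit: bool = False) -> tuple[bool, bool, bytes]:
    """Run one transfer over the (simulated) public line and return
    (receiver verified, sender verified, data output by the receiver)."""
    nonce, cipher = sender.send(data)
    if corrupt_in_transit:
        # a single flipped bit on the public line, e.g. a line error
        cipher = bytes([cipher[0] ^ 0x01]) + cipher[1:]
    receiver_ok, data_out, ack = receiver.receive(nonce, cipher)
    sender_ok = sender.verify_ack(nonce, ack)
    return receiver_ok, sender_ok, data_out


if __name__ == "__main__":
    issued_key = secrets.token_bytes(32)   # constructed sample issuer key
    card_124, card_224 = Card("124", issued_key), Card("224", issued_key)
    document = b"Invoice 4711: DKK 1250,00"  # constructed sample document
    print(transfer(card_124, card_224, document))
    print(transfer(card_124, card_224, document, corrupt_in_transit=True))
    stranger = Card("999", secrets.token_bytes(32))  # not of the coherent set
    print(transfer(card_124, stranger, document))
```

A card outside the coherent set decrypts to garbage, so both comparisons fail just as they do for a line error, which is the authenticity side effect of the shared card keys.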

In fig. 2 the software design of the main computers 102, 202 of the computer systems 100 and 200 and the terminals or PCs 106, 206 is shown schematically. It is to be realized that the software design is only intended to be illustrative and explanatory and in no way to be construed as limiting the scope as defined in the appended claims. Each main software comprises an "inhouse" software 130, 230, a communications protocol 132, 232 for transfer of data to the associated terminal or PC 106, 206 via the data transmission lines 104, 204 (e.g. an asynchronous RS 232 communications protocol), two software converter or compiler blocks 134, 234 and 136, 236 for converting or compiling from "inhouse" format to the transmission protocol determined by the block 132, 232 and from the transmission protocol determined by the block 132, 232 to "inhouse" format, respectively. The main computer software 102, 202 may further comprise a further block 138, 238, a so-called Edifact software, which will be described below.

The terminals or the PCs 106, 206 contain the following software blocks: a communications protocol 140, 240 for communication with the main computer 102, 202 via the data transmission line 104, 204, an internal central software 142, 242 controlling the functions of the terminal or the PC in question, a converter or compiler software 144, 244 corresponding to the software block 138, 238 of the main computer 102, 202, a communications protocol 146, 246, e.g. an X25 protocol, which protocols constitute the interfacing means of the terminal or the PC to the associated data transmission line 128, 228, a software block 148, 248 for communication with the associated peripheral equipment of the terminals or the PCs such as the diskette stations and hard disks 114, 214 and 116, 216 shown in fig. 1, a software block 150, 250 containing information regarding e.g. "black lists" etc. and finally a software block 152, 252 for communication with the associated station 122, 222. The PC program may further comprise a block corresponding to the blocks 138 and 238 discussed above and comprising Edifact software.

It is to be noted that the data transfer comprising authenticity/integrity verification etc., which is characteristic of the invention, can be implemented with an integrated circuit card constituting a combination of a station and an electronic card such as a combination of the station 122 and the card 124 or of the station 222 and the card 224. Such printed circuit cards are shown in the lower part of fig. 2 and designated the reference numerals 160 and 260, respectively. The printed circuit card 160, 260 thus constitutes a complementary card relative to the second printed circuit card or relative to an electronic card for use in connection with an associated station. Thus the printed circuit card 160 can be a circuit card complementary to the printed circuit card 260 or a card complementary to the electronic card 224. Correspondingly the printed circuit card 260 can be a card complementary to the electronic card 124 or a card complementary to the printed circuit card 160.

In a further alternative embodiment of the invention the above described data transfer from the electronic card 124 to the electronic card 224 can be established between corresponding security modules 170, 270, which are shown in the lower part of fig. 2. These security modules or security terminals constitute so-called "tamper-proof" stations, i.e. stations which due to their special physical design make it impossible to open the system and thus reveal material as well as software. Similar to the electronic cards 124, 224, these security modules contain an input/output gate, a central processing unit, internal storages and encryption/decryption blocks. In contrast to the electronic cards 124, 224 and the printed circuit cards 160, 260 integrating stations and cards, the internal storages of the security modules can contain more encryption/decryption keys, which are addressed to a given data transfer by means of a card, e.g. an electronic card or a magnetic card, which similar to the electronic cards 124, 224 and printed circuit cards 160, 260 integrating stations and electronic cards are issued by a card issuer, who corresponding to the electronic card or magnetic card in question issues a corresponding magnetic card or an electronic card or a printed circuit card for use at data transfer from a security module addressed by the magnetic card in question to a security module addressed by an associated electronic card and finally to a printed circuit card or vice versa.

In fig. 3, a system which is enlarged as compared to the system shown in fig. 1 is shown schematically, and which in addition to the two computer systems 100 and 200 comprises a mini computer which is designated the reference numeral 306 in its entirety and has a keyboard 308, a central processing unit 310 and a computer screen 312. The mini computer system 306 can furthermore comprise peripheral equipment such as a diskette station or a tape station, a printer, etc. Such peripheral equipment is not shown in fig. 3. For transfer of data to one of the computer systems 100 or 200 or for reception of data from one of these computer systems in accordance with the teaching of the invention, the mini computer system 306 is connected to a station 322, corresponding to the stations 122, 222 shown in figs. 1, 2 and 3, via a data transmission line 320 corresponding to the data transmission lines 120 and 220 shown in fig. 1. Via a data transmission line 328 corresponding to the data transmission lines 128, 228, via an interfacing means contained in the central data processing unit 310 of the mini computer system and furthermore possibly via a modem, which is not shown in fig. 3, the mini computer system 306 is connected to a public telephone network 330. The public telephone network 330 is via a modem, which is neither shown in fig. 3, and a data transmission line 332 connected to a converter 346 containing converter or compiler sub-blocks 334, 336 corresponding to the software blocks 134, 234 and 136, 236 shown in fig. 2 and which via a data transmission line 338 is connected to the network 300.

By means of two coherent cards, one of which is received in the station 322 and another one of which is received in the station 122 or 222 of the computer 100 or 200 respectively, it is possible in accordance with the teaching of the invention to transfer data to and from the mini computer system 306 from and to the computer system in question, respectively, the associated card station of which computer system has received an electronic card, not shown, corresponding to the electronic card received in the card station 322. Similar to the mini computer system 306, the computer system with which the mini computer is communicating can have its electronic card integrated with the corresponding station in a printed circuit card, similar to the printed circuit cards shown in fig. 2 and designated the reference numerals 160, 260 belonging to the computer systems 100, 200, or have a security module or security terminal which is addressable by means of an electronic card or a magnetic card as explained above.

In fig. 4 an alternative computer system configuration is shown which in addition to the above described computer system comprising the first computer system 100 and the second computer system 200, which are interconnected via the network 300, includes a number of mini computer systems, in the present case two mini computer systems 406 which are preferably so-called Minitel computers, communicating with an associated host which is shown in the upper central part of fig. 4 and designated the reference numeral 400 in its entirety, and which constitutes a computer system. The mini computer systems 406 and the host 400 constitute a so-called videotex system which will be explained in greater detail below in the system/software description. The communication between the Minitel computers 406 and the host 400 is preferably made in accordance with the LECAM protocol developed by FRANCE TELECOM. The computer system 400 constitutes a computer system corresponding to one of the computer systems 100, 200, and between the computer system 400 and one of the computer systems 100, 200 data can be transferred both ways in the above described manner by means of two coherent cards, especially two coherent electronic cards. Thus the computer system 400 is basically of a structure equivalent to the structure of the computer systems 100, 200 and comprises a central processing unit 402, which is connected to a communications block 426 corresponding to the blocks 126, 226 via a data transmission line 404, which block 426 is connected to the network 300 via a data transmission line 428 corresponding to the data transmission lines 128, 228. The computer system 400 furthermore comprises a hard disk 460 or disc store, a computer screen 462 and a card reader 464. The card reader 464 is adapted to receive an electronic card of the above described kind, especially a so-called smart card, at transfer of data to and from the Minitel computer 406, as will be explained in greater detail below in the system/software description. The card reader or the station 464 on the other hand has no connection to the external computer systems 100, 200, as the data transfer between the computer system 400 and one of the computer systems 100, 200 is controlled by the communication block 426 in the above described way. The individual Minitel computers 406 have a keyboard 408, a computer screen 412 and a card reader 422, which like the card reader 464 is adapted to receive an electronic card, which makes it possible to transfer data to and from the Minitel computer 406 from and to the computer system 400, respectively. The connection from the individual Minitel computer 406 to the computer system 400 is established via a data transmission line 428 connecting the individual Minitel computer 406 to a public telephone network 430 by means of appropriate modem units, a connection from the public telephone network 430 to the computer system 400 being established via a first data transmission line 432, a converter or compiler 446 and a second data transmission line 438.

The Minitel computers shown in fig. 4 first of all serve the purpose of distributing electronic document "mail" internally within the Minitel system belonging to the computer system 400, as data or document transfer is made from the individual Minitel computer 406 via the public telephone network 430 and the network 300 by means of an electronic card issued by the institution which runs the computer system 400 to the station 464 of the computer system 400. The computer system shown in fig. 4 furthermore provides the possibility of transferring data or documents from the individual Minitel computer 406 to the computer system 400, from which system data or documents can be transferred again to a second computer system, e.g. the computer system 100 or the computer system 200, via the data transfer block 426 with associated electronic cards, in accordance with the above described data transfer.



EXAMPLE

A computer system of the type shown in figures 1 and 2 was implemented with:

Personal Computer
AT 10 MHz with 640 kbytes storage, 40 Mbyte hard disk, 2 serial RS232 gates, Danish keyboard, black/white screen including adapter.
Type: Philips P3204.

The following software was used:

MS-DOS operating system version 3.3.
Type: Microsoft

FTTOS Real Time Operating System version 4.00.
Type: Dansk Informations Teknologi

X.25 Communication card, 16 gates:
Type: Stollmann SICC-PC-X25.

SmartCard reader with power supply and RS232 interface cable:
Type: Philips/Control Data Laserdrive 510 DT

For this system implementation, software was used developed by Netplus (©1989). The software is developed in C, Pascal and Assembler.

In the computer system, data and documents in encrypted and not encrypted form were furthermore exchanged between a Minitel terminal of the type shown in fig. 4 with the reference numeral 406 and a computer system of the above described type in accordance with the principles of the invention, by means of the LECAM protocol developed by FRANCE TELECOM (©December 1987 - FRANCE TELECOM - TELETEL).



A detailed system and software specification will be described below concerning both data transfer from the first computer system to the second computer system, e.g. from the computer system 100 to the computer system 200, and data transfer to and from a Minitel computer 406 to and from the computer system 400, respectively.



System and software description:

The system has an interface to a large surrounding world, which is not under control under all circumstances. This implies that it must be ensured that unauthorized persons do not get unauthorized access to or insight into the system. Below, the security of the system is described, together with the requirements which are furthermore made to the system so that it can be of practical use.

There are security systems which are impossible to break, but which are useless in practice, but also security systems which are commercially available and appear to be of practical use, but which unfortunately are also easy to break.

A number of security requirements which the system fulfils will be described now:

1. Large key space

2. No real or statistical possibility of finding a key on the basis of clear text and ciphertext

3. No clear text in ciphertext

4. Stratified structure of the transmission network

Re 1. The number of keys must be so large that it is not practically possible to find the right key by exhaustive search. It must be required that two different keys encrypt the same clear text into different ciphertexts. Exactly how large the key space must be naturally also depends on the resources which are available to a potential "enemy". For the transactions mentioned in this system, 56 bits as in DES are sufficient, as it on average will take at least 4 months to decipher a ciphertext with the fastest available computer power. As a new key is used for each transmission, it will be practically impossible to obtain full insight.

Re 2. Even though many coherent clear text messages and corresponding ciphertext messages are known, it must not be possible to determine the applied key on the basis of this.

Re 3. In the ciphertext there must be no statistically significant trace of the clear text. If there is no such trace, the "enemy's" only weapon is exhaustive search, if only the ciphertext is available.

Re 4. The interface specifications for the transmission network via which the encrypted data or text has to be transmitted normally also prescribe transmission of operational control information, which should of course not be encrypted, similar to address fields and the like for the data mentioned. Problems may arise if the interfacing means does not have a stratified structure or if it is not quite clear at which level the encryption is to take place.

Use of chip cards and the DES algorithm pro-
vides a solution in which

1. the size of the key room is sufficient,
especially as different keys are used for different
transfers, and the key for exchange of encryption
keys is safely hidden in the chip card,

2. it has no practical value to find a key on
the basis of both clear text and crypto text, as this
key is only used for one transmission, and

3. DES encryption of the documents ensures
that there is no clear text in the crypto texts.

When using chip card and DES algorithm in
this way, the public X25 network as well as a
teletel videotex network are used. Both these net-
works facilitate a transparent transfer of encrypted
text. There are various protocols for transfer, which
are followed in connection with the document trans-
fer. For the videotex network, the LECAM protocol
is used.



Symmetrical/asymmetrical systems 

Wherever possible, simple methods are used
for securing data, however, without reducing the
security. Accordingly a symmetrical system (e.g.
DES) is preferred to an asymmetrical system (e.g.
RSA), as an asymmetrical system, such as RSA,
requires far more computer power than a symmet-
rical system, such as DES. A symmetrical system,
such as DES, on the other hand, requires greater
security concerning keys. (Concerning DES and
RSA see above).

1. Symmetrical crypto systems

2. Asymmetrical crypto systems

3. Speeds

Re 1. A symmetrical crypto system is char-
acterized in that the same key is used for encryp-
tion and decryption. A much used and safe al-
gorithm for this use is the DES algorithm.

The DES algorithm (Data Encryption Standard)
was developed by IBM in cooperation with the
National Bureau of Standards (NBS) and published
in 1977. DES is only used for civilian encryption
and is today the most widespread crypto system.
In particular, DES is very much used within the
banking world, also in the 'DANKORT' system.

In the DES algorithm, encryption is made in
blocks of 64 bits by means of a key of 56 bits.
First, the 64 bits to be encrypted are subjected to a
permutation, which serves to mix the bits, as input
in the typical application consists of 8 bytes. Fol-
lowing this, 16 iterated encryptions are made by
means of various keys, derived from the chosen
key and the clear text, as the 64 bits before each
iteration have been divided into a left-hand side Li
and a right-hand side Ri, each consisting of 32 bits.
In the i+1st iteration Ri is transferred as the next
left-hand side Li+1, and the new right-hand side
Ri+1 is produced as XOR of Li and 32 other bits,
which appear as a complex, but completely de-
scribed function of Ri and Ki+1, where Ki+1 is a
key of 48 bits, which is derived from the chosen
key of 56 bits.

The function itself can be described as follows:
the 32 bits in Ri are changed to 48 bits by bit-
shifting and are then permuted. XOR with Ki+1 is
generated. The resulting 48 bits are counted 6 at a
time in 8 families, which by means of S-boxes are
converted to 8 families with only 4 bits in each, so
that 32 bits are delivered. After a fixed permutation
of these, the above 32 bits are found.

After 16 iterations, the 64 bits are permuted
with the inverse permutation of the initial one. This
is necessary to ensure that the subsequent decryp-
tion of the crypto text can be made by simply
performing the DES algorithm again, but with the
16 derived keys in inverse order.
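The structure just described (initial permutation, 16 Feistel rounds on 32-bit halves with derived round keys, inverse permutation, and decryption as the same algorithm with the round keys in inverse order) can be shown in a few dozen lines. The block below is an added example and is not DES and not code from the patent: the round function, the key schedule and the byte-level permutation are stand-ins (SHA-256 based) chosen only to make the Feistel structure visible.

```python
"""Structure of a DES-like cipher as described above: a 64-bit block is
permuted, split into 32-bit halves L and R, run through 16 Feistel rounds
(Li+1 = Ri, Ri+1 = Li XOR f(Ri, Ki+1)) with round keys Ki derived from the
key, and permuted with the inverse permutation; decryption is the same
algorithm with the 16 round keys in inverse order. Added example, not DES
and not code from the patent: the round function, the key schedule and the
byte-level permutation are stand-ins chosen only to show the structure."""
import hashlib
import struct

ROUNDS = 16
IP = [1, 5, 2, 6, 3, 7, 4, 0]                 # stand-in initial permutation (bytes)
IP_INV = [IP.index(i) for i in range(8)]      # its inverse


def permute(block: bytes, table: list) -> bytes:
    return bytes(block[table[i]] for i in range(8))


def derive_round_keys(key: bytes) -> list:
    """Stand-in key schedule: 16 round keys of 48 bits derived from the key
    (DES selects and rotates key bits; SHA-256 is used here instead)."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:6], "big")
            for i in range(1, ROUNDS + 1)]


def round_function(r: int, k: int) -> int:
    """Stand-in for the DES f-function: 32-bit R and 48-bit K -> 32 bits.
    It need not be invertible; the Feistel structure supplies invertibility."""
    return int.from_bytes(hashlib.sha256(struct.pack(">IQ", r, k)).digest()[:4], "big")


def feistel(block: bytes, round_keys: list) -> bytes:
    """Initial permutation, 16 rounds, final swap, inverse permutation."""
    left, right = struct.unpack(">II", permute(block, IP))
    for k in round_keys:
        left, right = right, left ^ round_function(right, k)
    # Undo the last swap: the output is (R16, L16). Because of this, running
    # the same rounds with reversed keys walks the state back to (L0, R0).
    return permute(struct.pack(">II", right, left), IP_INV)


def encrypt_block(block: bytes, key: bytes) -> bytes:
    if len(block) != 8:
        raise ValueError("block must be 64 bits")
    return feistel(block, derive_round_keys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    if len(block) != 8:
        raise ValueError("block must be 64 bits")
    return feistel(block, derive_round_keys(key)[::-1])   # keys in inverse order


if __name__ == "__main__":
    ct = encrypt_block(b"ABCDEFGH", b"8-byte k")
    print(ct.hex(), decrypt_block(ct, b"8-byte k"))
```

The point to take from the block is the one the text makes: nothing in the round function has to be reversible, because each round only XORs the output of f into one half while the other half passes through unchanged; the final swap is what lets the same code, fed the keys backwards, undo the rounds.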

Re 2. The difference between a symmetrical
crypto system and an asymmetrical crypto system
is that it is not possible in an asymmetrical system
by way of calculation to find the decryption key,
even though the encryption key is known, and vice
versa.

Instead of "encryption" and "decryption" it is
therefore more correct to speak of a secret trans-
formation key SK (Secret Key) and a public trans-
formation key PK (Public Key). In particular, it is
required for all messages X that

PK(SK(X)) = X and SK(PK(X)) = X

An asymmetrical crypto system can be used
for both concealment and authenticity, and even for
generation of digital signatures. It must, however,
be pointed out that for each individual user A who
chooses a key or rather a pair of keys (PA, SA), A
can use SA for receipt of secret messages as well
as for his own digital signature, and other persons'
public keys to send concealed messages. In return,
other persons can use A's public key to send
concealed messages to A.

One of the best known asymmetrical crypto
systems is the RSA crypto system (named after
the fathers of the system: Rivest, Shamir and Adle-
man). It is based on experiences which mathemati-
cians have obtained over several thousand years
concerning prime numbers. It is relatively easy to
decide whether a specific chosen number n is a
prime number or not, but if it turns out that it is not
a prime number, the difficulties of finding the prime
number divisors increase exponentially with the
magnitude of the number. Even when using all the
artifices which mathematicians have developed in
the course of time, it has not been possible to find
a simple way of deducing the prime number di-
visors. There are extremely many numbers of hun-
dred digits or less (the limit today is about 90),
which are practically impossible to resolve into
prime factors.

In the RSA crypto system, the origin is two
randomly chosen prime numbers p and q of ap-
prox. 100 digits each. These prime numbers must
be strong prime numbers, which have the effect
that it by means of known methods will take billions
of years to find the divisors in n on the basis of n
= pq (p and q are kept secret). It is necessary that
these properties are available because of the secu-
rity of the system. Then a number e is chosen,
which must be prime to (p-1)(q-1). Knowing p
and q it is possible to find another number d with
the following properties:

Given a random number m less than n, the
remainder of m^(de) (i.e. m multiplied by itself (d
multiplied by e) times) by subsequent division of
integers with n will again give the number m.

It is possible in several ways to divide mes-
sages into blocks, which can be represented
uniquely as numbers between 1 and n, e.g. by
means of ASCII codes. A clear text m, represented
in this way, is thereafter encrypted as

c = m^e modulus n,

i.e. the remainder of m multiplied by itself e times,
by subsequent division of integers with n.

Decryption of c is made by calculating

c^d modulus n,

which according to the above is equal to m.

The pair of numbers (e, n) can, of course, be
used to specify a public key, viz. the key

P(m) = m^e modulus n,

whereas the pair of numbers (d, n) specifies the
secret key

S(x) = x^d modulus n.

(It is only d which must be kept secret together
with p and q).

Hereby a public key system results.

Re 3. An important requirement for crypto sys-
tems is often that a certain speed is guaranteed.
Hardware equipment where the algorithm is stored
in a specially designed chip operates with far
greater speed than software equipment. It may be
a question of a factor of hundred or more, depend-
ing on the equipment.

As an example it is to be mentioned that DES
in software in e.g. equipment with an INTEL 8088
processor and a clock frequency of 4.7 MHz en-
crypts at a speed of approx. a few thousand bits
per second (there is a possibility of considerable
variations depending on the implementation).

As regards software implementation of RSA, the
fastest 32 bit chips today, e.g. MOTOROLA 68030
with a clock frequency of 20 MHz, will produce an
RSA block encryption of 512 bits in approx. 4 sec.
and a decryption in approx. 1 sec. (by means of a
minor mathematical artifice). By means of so-called
"digital signal processing" chips, this can be re-
duced even further, presumably to 1 sec. or less
for an encryption.

On the market today "black boxes" are avail-
able containing encryption chips, which can make
an encryption with a high security level. One of
these is a so-called SCP-box which in addition to
being a chip card reader with keyboard for PIN
code control also comprises a display, a relatively
fast CPU, 128 Kb RAM and the DES as well as
RSA algorithms. The box is designed in such a
way that it destroys itself when it is attempted to
gain physical access to the electronics, i.e. it is a so-
called "tamper-proof" box. It has an encryption
capacity of about 40,000 bytes per minute with the
DES algorithm. By using this box the ability of the
chip card to store keys is used to ensure au-
thenticity, and by means of a table in the RAM
storage in combination with the chip card, keys can
be worked out which are unique to the individual
encryption and transfer of information.



Chip cards 

From a cryptological point of view, the explo-
sive development of very small chips has facilitated
a very interesting development, viz. the chip card.
This card has the same shape and size as a
magnetic card, but contains furthermore, as men-
tioned above, a small processor and a small storage
(typically 1-2 kbyte), which may e.g. be of the type
EEPROM (Electrically Erasable Programmable
Read Only Memory), so that both input and output
access can be obtained via a card reader.

Such a card is particularly suitable for storage
of e.g. a secret key. It is furthermore possible to
protect this key efficiently by an encryption con-
trolled by a PIN code, and by securing the key so
that it cannot be read from the card, but only be
used for encryption and decryption. It is also possi-
ble to let the card destroy itself (logically) if a
wrong PIN code is used more than e.g. three
times, and to give it a definite lifetime (a certain
number of applications).

Detailed description of chip cards

The chip card contains a micro processor, data
and program storage and an I/O gate, secret in-
formation and protected information being hidden
or stored in a data memory. As the I/O gate is
controlled by the micro processor, all reading of
information is controlled by the micro processor.
Reading of secret data is not possible and reading
of protected data is only possible after positive
validation of the PIN code of the card. With correct
PIN code it is possible to encrypt and decrypt data
and to generate temporary keys. For encryption
and decryption, the Data Encryption Standard
(DES) is used. In addition to the operating system
for the micro processor the program memory also
contains the encryption algorithm DES. This has
the result that the card can in fact be used to
encrypt and decrypt data, even though it is quite a
slow process (approx. 128 bytes per second).

The chip card in its present versions (PES
Smart Card (Philips) and CPS Smart Card (Bull))
can contain up to 1024 bytes information including
various "headers". This corresponds to 500-600
bytes of user information, depending on the struc-
ture of the information in the card.

Four different types of cards exist:

Batch card: This card is received together with
the new cards and is used when personalizing
these.

Root card: This card is used during the per-
sonalization to decrypt the application keys and the
personal keys before they are written into the chip
card. This has the effect that the personal keys can
be stored in a file in encrypted form and will only
be known in the memory of the personalizing sys-
tem during the execution of the personalization.
The root card contains for each type of personal
key a corresponding Root key.

Rehabilitation card: Is used when rehabilitating
a Transaction card.

Transaction card: This is the card which is
handed out to the users. It is used to store and
protect personal keys and for generation of tem-
porary keys for access control and encryption and
decryption.

The lifetime of the chip card is divided into
different phases:

1. Pre-personalization

2. Personalization

3. Active

4. End of life

5. Rehabilitation



Re 1. Pre-personalization

In this phase the card is empty apart from
production information. The only information con-
tained in the card at this time is a production key
and information as to which "batch" the card be-
longs to. In order to obtain access to the memory
of the card, it is necessary to know or gain access
to the production key, which can only be obtained
by having in one's possession the so-called Batch
card which belongs to this particular "batch".

This ensures that only the holder of the Batch
card can personalize cards and that the Batch card
holder only can personalize cards belonging to the
"batch" in question.



Re 2. Personalization

When the production key is presented to the
chip card, it is possible to input information into the
memory. Information can e.g. be secret keys, DES
identification, the names of the card holder and the
card issuer, etc. When this phase is over, the card
enters its active phase.



Re 3. Active

In this phase, the card is used by a user for
encryption and decryption and for generating tem-
porary keys.

The card can be used until one of three situ-
ations appears:

a) The card is invalidated by an end-of-life
instruction.

b) One of the control zones of the card is full.
The card contains three special zones: production
key control zone, application key control zone and
PIN control zone. In the first two zones a bit will be
placed when an error has been made when pre-
senting a key. In the last zone a bit is placed each
time a check is made for the PIN code. If the last
zone runs full, the card enters the end-of-life
phase. This will happen after a maximum of 6000
presentations of the PIN code. The contents of this
zone are reduced when user information and ser-
vice keys are input into the card.

c) Three consecutive incorrect PIN code in-
puts cause the card to be locked. The card can be
opened again by rehabilitation.



Re 4. End of life

In this phase, the card cannot be used. The
card can be rehabilitated if an incorrect PIN code has
been used.

50 

Re 5. Rehabilitation

The card can be rehabilitated if the card holder
still remembers the correct PIN code, otherwise
not. Rehabilitation should be made by the card
issuer and card holder jointly. In order to rehabili-
tate a chip card, a card is used which is specially
designed for this purpose, viz. the rehabilitation
card.

The design of the chip card provides a pos-
sibility of storing keys protected by PIN code,
possibly encrypted, and dedicated use of the keys
(e.g. only decryption). At the same time the input-
ting of information and keys in a chip card depends
on whether you have access to both the Root card
and the Batch card, i.e. that only specific persons
have access to input keys/information.
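The life cycle and access rules of the card described above (pre-personalization gated by the production key, personalization, the active phase with its PIN control zone and three-strikes lock, end of life, and rehabilitation by issuer and holder jointly) form a small state machine. The following model is an added example and not the card's firmware or code from the patent; the key values, the "rehabilitation" secret that the rehabilitation card presents, and all method names are assumptions made for the illustration. The limits 6000 and 3 are the ones stated in the text.

```python
"""State machine for the chip card life cycle described above: pre-personalization,
personalization (needs the production key from the Batch card), active, end of
life, and rehabilitation (issuer's rehabilitation card plus the holder's PIN).
Access rules follow the text: secret data is never readable, protected data and
key use need a validated PIN, three consecutive wrong PINs lock the card, and
the PIN control zone is full after 6000 presentations. Added example, not the
card's firmware; key values, the "rehabilitation" secret and method names are assumed."""
import hashlib
from enum import Enum, auto

PIN_ZONE_CAPACITY = 6000     # PIN presentations before the zone is full (from the text)
MAX_CONSECUTIVE_WRONG = 3    # wrong PINs in a row before the card locks (from the text)


class Phase(Enum):
    PRE_PERSONALIZATION = auto()
    PERSONALIZATION = auto()
    ACTIVE = auto()
    LOCKED = auto()        # end of life reached through wrong PINs; rehabilitable
    END_OF_LIFE = auto()   # end-of-life instruction or PIN zone full; final


class CardError(Exception):
    pass


class ChipCard:
    def __init__(self, production_key: bytes, batch_id: str):
        self._production_key = production_key   # only content before personalization
        self.batch_id = batch_id
        self.phase = Phase.PRE_PERSONALIZATION
        self._secret = {}      # secret keys: usable inside the card, never readable
        self._protected = {}   # protected data: readable after PIN validation
        self._pin = None
        self._pin_zone_used = 0
        self._wrong_in_a_row = 0
        self._pin_valid = False

    # --- personalization: only the Batch card holder knows the production key
    def begin_personalization(self, production_key: bytes) -> None:
        if self.phase is not Phase.PRE_PERSONALIZATION:
            raise CardError("card is not in the pre-personalization phase")
        if production_key != self._production_key:
            raise CardError("production key rejected")
        self.phase = Phase.PERSONALIZATION

    def write(self, name: str, value, secret: bool) -> None:
        if self.phase is not Phase.PERSONALIZATION:
            raise CardError("writing is only possible during personalization")
        (self._secret if secret else self._protected)[name] = value

    def set_pin(self, pin: str) -> None:
        if self.phase is not Phase.PERSONALIZATION:
            raise CardError("PIN can only be set during personalization")
        self._pin = pin

    def activate(self) -> None:
        if self.phase is not Phase.PERSONALIZATION or self._pin is None:
            raise CardError("card is not personalized")
        self.phase = Phase.ACTIVE

    # --- active phase
    def present_pin(self, pin: str) -> bool:
        if self.phase is not Phase.ACTIVE:
            raise CardError(f"card is in phase {self.phase.name}")
        self._pin_zone_used += 1                      # one bit per PIN check
        if self._pin_zone_used >= PIN_ZONE_CAPACITY:  # zone full: end of life
            self.phase, self._pin_valid = Phase.END_OF_LIFE, False
            return False
        if pin == self._pin:
            self._wrong_in_a_row, self._pin_valid = 0, True
            return True
        self._wrong_in_a_row += 1
        self._pin_valid = False
        if self._wrong_in_a_row >= MAX_CONSECUTIVE_WRONG:
            self.phase = Phase.LOCKED
        return False

    def _require_pin(self) -> None:
        if self.phase is not Phase.ACTIVE or not self._pin_valid:
            raise CardError("PIN not validated")

    def read_protected(self, name: str):
        self._require_pin()
        return self._protected[name]

    def read_secret(self, name: str):
        raise CardError("secret data cannot be read from the card, only used")

    def use_secret_key(self, name: str, data: bytes) -> bytes:
        """Use a secret key inside the card; SHA-256 stands in for the card's DES."""
        self._require_pin()
        return hashlib.sha256(self._secret[name] + data).digest()[:8]

    def end_of_life(self) -> None:
        self.phase, self._pin_valid = Phase.END_OF_LIFE, False

    # --- rehabilitation: card issuer (rehabilitation card) and holder (PIN) jointly
    def rehabilitate(self, rehabilitation_key: bytes, pin: str) -> bool:
        if self.phase is not Phase.LOCKED:
            raise CardError("only a card locked by wrong PINs can be rehabilitated")
        if rehabilitation_key != self._secret.get("rehabilitation"):
            raise CardError("rehabilitation card rejected")
        if pin != self._pin:          # holder no longer remembers the PIN: no rehabilitation
            return False
        self.phase, self._wrong_in_a_row = Phase.ACTIVE, 0
        return True
```

Two details of the model follow the text rather than convenience: the PIN control zone counts every presentation, correct or not, so the card wears out with use, and the only end-of-life state that can be left again is the one reached through wrong PINs, and only if both the rehabilitation card and the correct PIN are presented.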



Administration of keys 

One of the largest problems in connection with
a crypto system of practical use is the actual
handling of keys, as the keys are the "interface" of
the system towards the users and constitute the
weakest link of a system.

When a user is to have a key handed out or
registered, it must be possible to identify him in a
satisfactory way. The key is kept on a chip card,
which can be allotted a definite lifetime, and which,
as mentioned above, also destroys itself when a
wrong PIN code has been used three times.

The more a key is used, the greater the risk of
the key becoming known. It is therefore necessary
to change the key at frequent intervals. As the
number of users becomes large, and arbitrary us-
ers must communicate with each other in encryp-
ted form, the users are equipped with keys which
are not used for data and file encryption, but only
for exchange of the real encryption keys.

An administration is created around the secu-
rity system and the handling of the keys, which

a) ensures that the used keys are kept se-
cret,

b) ensures a possibility of being able to
recreate used secret keys and provides a possibil-
ity of verifying that a certain key has been used for
a specific purpose,

c) gives a simple and safe allocation of keys,
and

d) prevents swindling with the allocation of
chip cards by a stable and hermetic procedure.

The procedures for setting up the keys in con-
nection with a chip card comprise:

1. Generation of keys

2. Inputting keys and desired information into
chip cards

3. Distribution of cards

4. Renewal/withdrawal of cards



Re 1. Generation of keys

The keys for inputting information into the chip
card are generated in such a way that they are
both different and generated from random num-
bers. Accordingly, it is not possible to predict or
guess the value of a key. In order to start the
program for generating keys, a chip card must be
presented (secured by a PIN code). The keys
generated are stored in encrypted form in a file by
means of this card.



Re 2. Inputting keys and desired information into
the chip card

The data (keys and possible information) which
are to be input into the cards are provided by an
application from the file in which they were ar-
ranged previously. The application sees to it that
this data can only be transferred from the encryp-
ted file to a chip card by two different persons with
two different chip cards each having its own PIN
code. The first card is a card which has been
allotted to the card issuer and the contents of which
are known exclusively by the manufacturer produc-
ing the "empty" chip cards. The second card is a
card which follows the batch of cards being pre-
pared. Accordingly, the person(s) generating the
keys and the information has/have no possibility of
inputting the keys and the information into the chip
cards. On the other hand, the person(s) inputting
the data into the chip cards has/have no possibility
of learning what is being input into the cards. When
the cards are being prepared, a logging to an
encrypted file will be carried out. This file will be
error tolerant and mirrored at an alternative phys-
ical location. The file will be secured by means of
an appropriate security routine.

35 

Re 3. Distribution of cards

Traditionally, the cards are issued to the users
in batches. The card is sent separately and the PIN
code is sent separately. The PIN code is sent or
delivered after acceptance of receipt of the card.



Re 4. Renewal/withdrawal of cards

When a card has run out for one reason or
another, it must be returned to the card issuer as
far as possible. The card issuer destroys it and
possibly issues a new card to replace the old card.
For security reasons it is preferred that when
changing cards, a new card is produced which is
different in terms of the input keys from the card
which has run out. If a user ceases to use the chip
card, the card must be returned to the card issuer.
Under all circumstances the card is blocked elec-
tronically. A possibility of blocking the card at the
first presentation after the blocking can be input.

Observation of these precautions ensures
that one person alone cannot produce a chip card,
that only the card issuer can input information and
keys, that keys can be produced at any time for verifica-
tion of the use of a card which has run out, and that
the right user gets possession of the cards without
any risk that the card is used by unauthorized
persons.



Authenticity

The authenticity, i.e. security that the parties
involved, transmitter/receiver, are who they pretend
to be, can be ensured in various ways, depending
on whether the system is

1. a symmetrical system or

2. an asymmetrical system



Re 1. Symmetrical crypto system

In order to ensure that a transmitter (A) and a
receiver (B) are who they pretend to be, A sends a
number in encrypted form to B, and B verifies that
the number comes from A. Then B sends a com-
bination of a part of the number which B received
from A, together with a number generated by B, in
encrypted form to A. A can hereafter verify that the
combination has come from B, and at the same
time A can check the part of the number which was
generated by A. A now encrypts the number which
A received from B and sends it back to B, who
after verification can see that B has received the
same combination as B sent to A. Below, it is
outlined how a chip card can be used to ensure
authenticity. When using the symmetrical crypto
system a faint risk must be anticipated of a key
being broken and data being read by third parties.
This risk arises if a former member of the system
with a thorough knowledge of the type of initial
exchange of messages is in possession of a valid
chip card and if this member taps the connection
between transmitter and receiver and is in posses-
sion of the used crypto program.

Such a person will be able to decrypt the
documents which are exchanged, encrypted with
the described key in the transmission in question.
However, it will not be possible to change the
contents of the document, and a renewed decipher-
ing will also have to be made when tapping the
next document transfer, as a new key is used for
each transfer.

In the system according to the invention, a chip
card reader 122, 222 and 428, respectively, is
connected to each computer system or each host,
the computer systems 100, 200 and 400. The two
computer systems constituting transmitter and re-
ceiver, the computer systems 100 and 200, re-
spectively, shown in fig. 1-4, are equipped with
authorized chip cards and are authorized to use
these.

Each card 122 and 222 has two service zones
for this purpose:

A service zone with a "Verification key" (Vk) which
is used to verify that the encryption which the
opposite party has used is correct.

A service zone with a "Signature key" (Sk) which is
used for encryption of the communication.

Vk can only be used for decryption and Sk can
only be used for encryption.

In the procedure shown in fig. 5, the following
abbreviations are used:

VkA : Verification key for A or the computer system
100

SkA : Signature key for A or the computer system
100

VkB : Verification key for B or the computer sys-
tem 200

SkB : Signature key for B or the computer system
200

E : Encryption

D : Decryption

R1, R2, R3: Random numbers

M1, M2, M3: Transferred messages

IdA : The publicly known identification for A or the
computer system 100

IdB : The publicly known identification for B or the
computer system 200

The procedure appears from fig. 5.
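The three-message exchange described above for fig. 5 (A's encrypted random number, B's answer carrying part of it plus B's own number, A's return of B's number), using a signature key Sk that only encrypts and the opposite party's verification key Vk that only decrypts, is shown in code below. This is an added example, not the patent's fig. 5 procedure reproduced: the message layouts, the 8-byte identifications and random numbers, the "part of the number" being its first half, and the SHA-256 XOR stream standing in for DES in the chip card are all assumptions. In a symmetrical system the VkB held by A is the same key as B's SkB, which is how the keys are set up here.

```python
"""Mutual authentication of transmitter A and receiver B with a symmetrical
crypto system, following the exchange described above for fig. 5: M1 carries
A's random number, M2 carries part of it plus B's random number, M3 returns
B's number. Each party's card holds its own signature key Sk (encrypt only)
and the other party's verification key Vk (decrypt only); in a symmetrical
system VkB held by A is the same key as SkB. Added example, not the patent's
fig. 5 verbatim: message layouts, 8-byte identifications and random numbers,
and a SHA-256 XOR stream standing in for DES are all assumed."""
import hashlib
import secrets

ID_LEN = R_LEN = NONCE_LEN = 8
HALF = R_LEN // 2          # "part of the number" returned by B (assumed: first half)


class AuthError(Exception):
    pass


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the card's DES: XOR with a SHA-256 keystream (not DES)."""
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def E(sk: bytes, data: bytes) -> bytes:
    """Encrypt with a signature key Sk; a fresh nonce makes every message differ."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _xor_stream(sk, nonce, data)


def D(vk: bytes, msg: bytes) -> bytes:
    """Decrypt with the verification key Vk of the opposite party."""
    return _xor_stream(vk, msg[:NONCE_LEN], msg[NONCE_LEN:])


class Party:
    def __init__(self, ident: bytes, ident_other: bytes, sk: bytes, vk_other: bytes):
        self.id = ident.ljust(ID_LEN)[:ID_LEN]
        self.id_other = ident_other.ljust(ID_LEN)[:ID_LEN]
        self.sk, self.vk_other = sk, vk_other
        self.r_own = self.r_other = None

    def m1(self) -> bytes:
        """A -> B: M1 = SkA(IdA, R1)."""
        self.r_own = secrets.token_bytes(R_LEN)
        return E(self.sk, self.id + self.r_own)

    def m2(self, m1: bytes) -> bytes:
        """B checks M1 came from A and answers M2 = SkB(IdB, part of R1, R2)."""
        plain = D(self.vk_other, m1)
        if len(plain) != ID_LEN + R_LEN or plain[:ID_LEN] != self.id_other:
            raise AuthError("M1 does not decrypt to a message from the expected party")
        self.r_other = plain[ID_LEN:]
        self.r_own = secrets.token_bytes(R_LEN)
        return E(self.sk, self.id + self.r_other[:HALF] + self.r_own)

    def m3(self, m2: bytes) -> bytes:
        """A checks M2 came from B and echoes its own R1 part; sends M3 = SkA(IdA, R2)."""
        plain = D(self.vk_other, m2)
        if (len(plain) != ID_LEN + HALF + R_LEN or plain[:ID_LEN] != self.id_other
                or plain[ID_LEN:ID_LEN + HALF] != self.r_own[:HALF]):
            raise AuthError("M2 does not verify as coming from the expected party")
        self.r_other = plain[ID_LEN + HALF:]
        return E(self.sk, self.id + self.r_other)

    def verify_m3(self, m3: bytes) -> bool:
        """B checks that A returned exactly the R2 that B generated."""
        return D(self.vk_other, m3) == self.id_other + self.r_own


def authenticate(a: Party, b: Party) -> bool:
    """Run the three-message exchange; raises AuthError on a failed check."""
    return b.verify_m3(a.m3(b.m2(a.m1())))
```

The check that matters for the risk the text names (a former member holding a valid card and the program) is in m3 and verify_m3: each side only accepts a message that carries back the random number it generated itself for this exchange, so an old message cannot be replayed to pass as a fresh one.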



Re 2. Asymmetrical crypto system

The authenticity verification described above
with reference to fig. 5 is solely based on the
application of an encryption system based on DES,
but for the sake of completeness, the asymmetrical
system is briefly described below.

If A or the computer 100 is to send a clear text
M, which is to be kept secret when being transmit-
ted, to B or the computer system 200, A uses B's
public key PB, which B has made public to every-
one, and sends

PB(M) = C.

Only B can decrypt, as only B knows his
private key and SB(C) = M.

If A is to send a clear text X to B in encrypted
form in such a way that B can check that the
message comes from A, A sends

SA(X) = Y.

B then tries with A's public key PA and finds

PA(Y) = X.

If X is meaningful, then SA must have been
used, as only A can encrypt in such a way that PA
can decrypt into anything meaningful. It should be
noted that authenticity is only ensured the first time
the message X is signed. In practice therefore,
such a message must be unique, e.g. by indicating
the time of the day.

Both properties can be obtained in the follow-
ing way:

If A wishes to send M to B, so that B is sure
that the message comes from A, at the same time
ensuring that only B of all people can decrypt the
message, A sends

PB(SA(M)) = C.

The only way in which M can be deduced is as
follows:

PA(SB(C)) = M.



Integrity

The integrity ensures that data is not changed
during or after a concluded transmission. This is
ensured by calculating the transmitter's (A) signa-
ture and the receiver's (B) signature, adding these
to the document and having both A and B verify
these signatures. With the DES algorithm, signa-
tures are produced which can be encrypted and
verified by means of chip card:

In the system according to the invention, a chip
card reader is connected to each computer system
or each host. The two computer systems constitut-
ing transmitter and receiver, 100 and 200 respec-
tively, shown in fig. 1-4, are equipped with au-
thorized chip cards and are authorized to use
these.

For this purpose, each card has three service
zones:

- A service zone with a so-called "Verification key"
(Vk), which is used for verifying the signature which
the opposite party has added to the document.

- A service zone with a "Signature key" (Sk) which
is used to encrypt the signature.

- A service zone with a "Compression key" (Ck)
which is used to produce the signature (MAC).

Vk can only be used for decryption and Sk can
only be used for encryption. Ck is identical in all
chip cards and can be used for compacting the
document to the signature.

In the procedure shown in fig. 6, the following
abbreviations are used:

VkA: Verification key for A or the computer system
100

SkA: Signature key for A or the computer system
100

MacA: The compacted document seen from A's
side

EmacA: The encrypted MacA

VkB: Verification key for B or the computer system
200

SkB: Signature key for B or the computer system
200

MacB: The compacted document seen from B's
side

EmacB: The encrypted MacB

Ck: Compression key

E: Encryption

D: Decryption

C: Compression

R1: Random numbers exchanged previously

M1, M2, M3: Transferred messages

IdA: The publicly known identification for A

IdB: The publicly known identification for B

The procedure appears from fig. 6.

The integrity is ensured as both transmitter and
receiver are certain (have a possibility of
checking) that the document has not been changed
before or after the transmission without possible
changes being unambiguously ascertainable. The
function A2 is built up in such a way that the chip
card can produce a key by means of a publicly
known identification which can decrypt the encryp-
ted Mac and thus provide a basis for checking
that the Mac which is added to the document is
valid, i.e. calculated on the basis of the document
received, by the expected transmitter. The same
applies in the opposite direction to the function B2.

It is important that the Macs produced are
hidden in the document, as they are the unique
signatures of the parties.

Security of access to the videotex system is
shown in fig. 4.

This security is ensured by using chip cards
for automatic log-on to the videotex system:

1. Automatic presentation of identification
and password

2. Encryption of communication between ter-
minal and videotex server

3. Security in the videotex server as regards
the individual user's access to the individual mail
boxes and the applications of the system.

Re 1. Automatic presentation of identification and
password

A chip card reader 422 of the type LECAM
connected to a Minitel 409 has an intelligence
which has the effect that it reads in a certain
position on the card searching for data for an
automatized dialling. When the dialling has been
made, the application which is running on the
videotex system will transfer a program to the RAM
storage of the chip card reader. This program will
then find identification and password in the card,
ask for the PIN code to be entered and commu-
nicate with the application on the videotex server. If
the PIN code is stated incorrectly, the program has
no possibility of collecting information in the chip
card.



Re 2. Encryption of communication between termi-
nal and videotex server

The program which is transferred to the chip
card reader finds the key which is to be used for
encryption by looking up the chip card. The
videotex application looks up a table in the host or
the computer system 400 and finds a correspond-
ing key. Encryption is made on the basis of this
key for the whole communication between Minitel
400 and Host 400. It is expedient to use this
encryption key to encrypt the exchange of the
randomly chosen key which is used for encryption
of the rest of the communication, as this has the
result that a different encryption key is used for
each individual communication.
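The arrangement just described, in which the key found in the chip card (and in the host's table) encrypts only the exchange of a randomly chosen key that then protects the rest of the communication, is the same use of key-exchange keys that the administration-of-keys section calls for. The block below is an added example, not code from the patent or from the LECAM reader: the host key table, the card identifications, the layout of the wrapped block and all class and function names are assumptions, and a SHA-256 XOR stream stands in for DES.

```python
"""Per-communication key exchange as described above for the videotex log-on:
the key-exchange key found in the chip card (and in the host's table, looked
up by the card's identification) encrypts only the exchange of a randomly
chosen key, which then encrypts the rest of the communication, so each
communication uses a different key. Added example; the host key table, card
identifications, wrapped-block layout and all names are assumed, and a SHA-256
XOR stream stands in for DES."""
import hashlib
import secrets

NONCE_LEN = 8
SESSION_KEY_LEN = 8   # 64-bit session key, the size of a DES key block

# Constructed host-side table: card identification -> key-exchange key.
HOST_KEY_TABLE = {
    b"CARD-0001": b"constructed key-exchange key #1",
    b"CARD-0002": b"constructed key-exchange key #2",
}


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for DES: XOR with a SHA-256 keystream (not DES)."""
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def E(key: bytes, data: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _xor_stream(key, nonce, data)


def D(key: bytes, msg: bytes) -> bytes:
    return _xor_stream(key, msg[:NONCE_LEN], msg[NONCE_LEN:])


class Terminal:
    """Minitel plus chip card reader: holds the key read from the chip card."""
    def __init__(self, card_id: bytes, card_key: bytes):
        self.card_id, self.card_key = card_id, card_key
        self.session_key = None

    def open_session(self) -> tuple:
        """Choose the random key for this communication and wrap it under the card key."""
        self.session_key = secrets.token_bytes(SESSION_KEY_LEN)
        return self.card_id, E(self.card_key, self.card_id + self.session_key)

    def send(self, data: bytes) -> bytes:
        return E(self.session_key, data)


class Host:
    """Videotex host: looks the card up in its table and unwraps the session key."""
    def __init__(self, table: dict):
        self.table = table
        self.session_key = None

    def accept(self, card_id: bytes, wrapped: bytes) -> None:
        key = self.table.get(card_id)
        if key is None:
            raise KeyError("unknown card identification")
        plain = D(key, wrapped)
        # The identification inside the wrapped block must match the claimed one;
        # otherwise a different card key was used and the unwrapped key is garbage.
        if len(plain) != len(card_id) + SESSION_KEY_LEN or plain[:len(card_id)] != card_id:
            raise ValueError("wrapped session key does not verify")
        self.session_key = plain[len(card_id):]

    def receive(self, msg: bytes) -> bytes:
        return D(self.session_key, msg)


def run_communication(card_id: bytes, card_key: bytes, host: Host, payload: bytes) -> tuple:
    """One complete communication; returns (payload as received, session key used)."""
    terminal = Terminal(card_id, card_key)
    host.accept(*terminal.open_session())
    return host.receive(terminal.send(payload)), terminal.session_key
```

The card key never encrypts the mail-box traffic itself, only the short wrapped block, which is the point the text makes: a key that is used little is exposed little, and every communication runs under a key that did not exist before it and is not reused after it.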



Re 3. Security in the videotex server as regards the
individual user's access to the individual mail
boxes and the applications of the system

The access to mail boxes, data and applica-
tions in the videotex server is ensured by the "log-
on" which is made on the basis of the information
residing in the chip card. As the exchange of
identification and password takes place in encryp-
ted form, it will not be possible by tapping the line
and the terminal to reconstruct these. In other
words, it will not be possible to get in contact with
the mail boxes without possessing a chip card with
a secret PIN code (which is only found in the card).

After access has been obtained to the video-
tex system, it is secured that access cannot be
obtained to a basic host computer. This is done to
avoid that data hackers by an error in the videotex
system can obtain access to the operating system
of the host computer.



Security when exchanging documents

The security system sees to it that documents
which are built up according to the EDIFACT stan-
dard can be transferred securely between con-
nected hosts.

It is ensured

1. that the documents can be endorsed with
signature,

2. that the documents cannot be forged,

3. that the documents can only be read
by/transferred to the person authorized, and

4. that it is possible to produce unambiguous
evidence in connection with a possible dispute.



Re 1. The documents can be endorsed with a signature

The transmitter goes through the document or parts thereof in order to generate an abbreviated expression of the document (e.g. a 64 bit key). This expression contains at least a serial number, date, time and all the sensitive data. This expression is encrypted by a chip card with a key which is found in the card and which cannot be read but only used for encryption or decryption in the card. The encrypted result (MAC = Message Authentication Code) is unique to this document and this transmitter, and the MAC is added to the document whereupon it is ready for "dispatch".



Re 2. The documents cannot be forged

If changes are made in the document after the transfer is considered to be concluded, it will be possible to ascertain this, as the MACs which are included in the document can be validated, whereupon the document is accepted or considered as invalid.



Re 3. The documents can only be read by/transferred to the authorized person

Both transmitter and receiver make sure that they are in contact with the right person, whereupon the document is encrypted by means of a key which is known by transmitter and receiver exclusively and which is arbitrary and only applies to this one transfer.



Re 4. Possibility of producing unambiguous evidence in connection with a possible dispute (MAC)

This is ensured by the card issuer's keeping the issued keys in a satisfactory way so that it can be decided at any time whether there is identity between a document and the associated MACs.
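As an added illustration of the four guarantees above (not code from the patent or its applicant), the following Python models endorsement (Re 1), validation against forgery (Re 2) and dispute handling by the card issuer (Re 4) with a card-held key. It assumes HMAC-SHA256 as a stand-in for the card's encryption of the abbreviated expression, which the patent does not specify; the field names, the key and the sample values are constructed.

```python
# Added example (not from the patent): document endorsement with a card-held key
# as described in "Re 1" to "Re 4". HMAC-SHA256 stands in for the chip card's
# encryption of the abbreviated expression (an assumption; the patent does not name
# the cipher). Field names, key and sample values are constructed.
import hashlib
import hmac
import json

MAC_LEN = 8  # 64-bit result, matching the "e.g. a 64 bit" expression of Re 1


def abbreviated_expression(serial, date, time, sensitive):
    """Canonical byte encoding of serial number, date, time and the sensitive
    data, so that transmitter and verifier derive identical input."""
    payload = {"serial": serial, "date": date, "time": time, "sensitive": sensitive}
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def card_mac(card_key, expression):
    """Stand-in for the card: the key is only ever used here, never read out."""
    return hmac.new(card_key, expression, hashlib.sha256).digest()[:MAC_LEN]


def endorse(document, card_id, card_key, serial, date, time, sensitive_fields):
    """Re 1: compute the MAC over the abbreviated expression and add it to the document."""
    sensitive = {f: document[f] for f in sensitive_fields}
    mac = card_mac(card_key, abbreviated_expression(serial, date, time, sensitive))
    return {**document, "card_id": card_id, "serial": serial, "date": date,
            "time": time, "mac": mac.hex()}


def validate(endorsed, card_key, sensitive_fields):
    """Re 2: recompute the MAC from the received document; any change to a
    sensitive field, the serial number, date or time makes the comparison fail."""
    try:
        sensitive = {f: endorsed[f] for f in sensitive_fields}
        expected = card_mac(card_key, abbreviated_expression(
            endorsed["serial"], endorsed["date"], endorsed["time"], sensitive))
        return hmac.compare_digest(expected, bytes.fromhex(endorsed["mac"]))
    except (KeyError, ValueError):
        return False


class CardIssuer:
    """Re 4: the issuer keeps the issued keys so that a dispute can be settled
    later by checking whether document and MAC belong together."""
    def __init__(self):
        self._keys = {}

    def issue(self, card_id, card_key):
        self._keys[card_id] = card_key

    def adjudicate(self, endorsed, sensitive_fields):
        key = self._keys.get(endorsed.get("card_id"))
        return key is not None and validate(endorsed, key, sensitive_fields)


# Constructed sample data for a stand-alone run.
SENSITIVE = ("amount", "currency", "payee")
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
SAMPLE_DOC = {"amount": "1250.00", "currency": "DEM", "payee": "ACME", "memo": "invoice 17"}


def demo():
    issuer = CardIssuer()
    issuer.issue("card-0001", SAMPLE_KEY)
    signed = endorse(SAMPLE_DOC, "card-0001", SAMPLE_KEY, "000042", "1989-06-07", "10:15", SENSITIVE)
    forged = {**signed, "amount": "9250.00"}
    return {
        "valid": validate(signed, SAMPLE_KEY, SENSITIVE),
        "forged_detected": not validate(forged, SAMPLE_KEY, SENSITIVE),
        "issuer_confirms": issuer.adjudicate(signed, SENSITIVE),
        # fields outside the abbreviated expression are not protected by the MAC
        "memo_not_covered": validate({**signed, "memo": "changed"}, SAMPLE_KEY, SENSITIVE),
    }


if __name__ == "__main__":
    print(demo())
```

The last entry of demo() shows the practical consequence of Re 1: only what goes into the abbreviated expression is protected, so the set of "sensitive data" has to be chosen to cover every field whose alteration would matter in a dispute.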



EDIFACT definition

EDIFACT (Electronic Data Interchange For Administration, Commerce and Transport) is a standardised method of electronic transfer of all business related documents which have an organized structure. The standard - which is approved by ISO (International Standard Organization) - is meant for exchange of documents between computer systems on both a domestic and a foreign level; the standard is therefore not dependent on language. The standard does not prescribe how the actual network communication must be carried out. It is a technically independent standard.

An EDIFACT document can be divided into certain parts or modules, which are called segments. Each segment has a specific purpose in the document in question, and the position of the segment in the message is prescribed by the standard for the document type in question. All segments are identified by a 3-letter code as prescribed by the standard. A message consists of many different segments which together contain all the information which is necessary to create the document.

A segment may e.g. look like this:
CUX+DEM:IN'

CUX is a segment head; CUX means type of currency

+ is a data element punctuation mark

DEM means German marks - the value can be anything else; arbitrarily definable as long as both transmitter and receiver agree to the meaning of the codes

: is a data component punctuation mark

IN is an abbreviation of INvoice - also arbitrarily definable

' designates the end of a segment

The contents of a segment can be divided into data elements. A data element is divided into one or more data components. In the above example with the segment CUX, only one data element is found. This data element consists of 2 data components, viz DEM and IN.

: is the punctuation mark separating coherent data components, whereas + is the separator for the individual data elements in a segment. This technique of describing information in a document is general and is used in all EDIFACT segments.

The data which follows a given segment head is defined in the standard and is therefore unalterable. It is, however, not all data which is compulsory - quite a few can be omitted depending on the need.

To a very large extent codes are used in the individual segments. By this is meant e.g. DEM in the above example which means German marks.

Both parties to the communication (transmitter and receiver) must agree to the application of these, as these are not covered by the standard.
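The segment layout just described, as an added example that is not part of the patent: a small Python parser that splits a message into segments, data elements and data components, and then checks that a currency code in a CUX segment is one both parties have agreed on. It goes one step beyond the page by also honouring the release character "?" which the EDIFACT standard defines for escaping a service character inside data; the agreed code list is constructed.

```python
# Added example (not part of the patent): a minimal EDIFACT segment parser for
# messages of the kind shown above (CUX+DEM:IN'). Beyond the page, it honours the
# release character "?" defined by the EDIFACT standard, which escapes a following
# service character inside data. The agreed code list below is constructed.
SEGMENT_END, ELEMENT_SEP, COMPONENT_SEP, RELEASE = "'", "+", ":", "?"


def split_level(text, sep):
    """Split text on sep, keeping '?x' escape pairs intact for the next level."""
    parts, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == RELEASE and i + 1 < len(text):
            current.extend((ch, text[i + 1]))
            i += 2
            continue
        if ch == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def unescape(value):
    """Remove release characters once the innermost level (a component) is reached."""
    out, i = [], 0
    while i < len(value):
        if value[i] == RELEASE and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def parse_segment(segment):
    """One segment: a 3-letter head, then data elements made of data components."""
    head, *elements = split_level(segment, ELEMENT_SEP)
    if len(head) != 3 or not (head.isalpha() and head.isupper()):
        raise ValueError(f"invalid segment head {head!r}")
    return {"head": head,
            "elements": [[unescape(c) for c in split_level(e, COMPONENT_SEP)]
                         for e in elements]}


def parse_message(text):
    """Split a message into segments; every segment must end with the terminator."""
    pieces = split_level(text, SEGMENT_END)
    if pieces[-1].strip() != "":
        raise ValueError("trailing data after the last segment terminator")
    return [parse_segment(p.lstrip()) for p in pieces[:-1]]


# Constructed code list: meanings both parties have agreed on, since the
# standard itself does not define them.
AGREED_CURRENCIES = {"DEM": "German marks", "DKK": "Danish kroner"}


def currency_from_cux(message, agreed=AGREED_CURRENCIES):
    """Return the agreed meaning of the CUX currency code, or raise if the
    code was never agreed between transmitter and receiver."""
    for seg in message:
        if seg["head"] == "CUX":
            code = seg["elements"][0][0]
            if code not in agreed:
                raise ValueError(f"currency code {code!r} not agreed")
            return agreed[code]
    raise ValueError("no CUX segment present")


if __name__ == "__main__":
    msg = parse_message("UNH+1+INVOIC'CUX+DEM:IN'FTX+Price ?+ VAT:net'")
    print(msg)
    print(currency_from_cux(msg))
```

Escapes are only removed at the component level, because a "?+" inside a component must survive the earlier splits on "'" and "+"; unescaping at the segment level first would let data that contains a service character break the structure.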



Claims

1. A method of transferring data, an electronic document or the like from a first computer system to a second computer system via a data transmission line, e.g. a public data transmission line, wherein for said transfer

a first station is used for outputting data from and inputting data into a first electronic card, said first station being connected to and communicating with said first computer system and furthermore being connected to said data transmission line via said first computer system and interfacing means, and

a second station is used for outputting data from and inputting data into a second electronic card, said second station being connected to and communicating with said second computer system and furthermore being connected to said data transmission line via this second computer system and interfacing means,

said first and second electronic card each comprising a central data processing unit, an internal storage means, an input/output gate for communication with said corresponding station as well as an encryption/decryption means and together constituting a coherent set of cards comprising coherent encryption and decryption keys input into said internal storages of said cards,

said data or said electronic document being transferred to said first electronic card from said first computer system via said first station and said input/output gate of said first electronic card, being input into and being temporarily stored in said internal storage of said first electronic card,

said data or said electronic document being output from said internal storage of said first electronic card and being encrypted in said first electronic card by means of said encryption/decryption means of said first electronic card and said encryption key(s) stored in said internal storage of said first electronic card,

said data or said electronic document being output from said first electronic card in encrypted form via said input/output gate of said first electronic card and being transferred via said first station to said first computer system and being transferred therefrom via said interfacing means of said first computer system to said data transmission line,

said data or said electronic document being received by said second computer system in encrypted form via said interfacing means of said second computer system, being transferred to said second electronic card via said second station and via said input/output gate of said second electronic card, being input into and temporarily stored in said internal storage of said second electronic card,

said data or said electronic document being output from said internal storage of said first electronic card in encrypted form and being decrypted in said second electronic card by means of said encryption/decryption means of said second electronic card and said decryption key(s) stored in said internal storage of said second electronic card, and

said data or said electronic document being output after decryption in said second electronic card from said second electronic card and output to said second computer system via said input/output gate of said second electronic card and via said second station.

2. A method according to claim 1, a verification of the authenticity of said first electronic card relative to said second electronic card and vice versa being made prior to said transfer of said data or said electronic document from said first computer system to said second computer system.

3. A method according to any of the preceding claims, at said transfer of said data or said electronic document from said first computer system to said second computer system, a verification of the integrity of said data or said document transfer being made.

4. A method according to any of the preceding claims, said inputting into, said outputting from, said encryption and said decryption and possibly said authenticity and integrity verification being controlled autonomously by said central data processing unit of said individual card.

5. A method according to any of the preceding claims, said transfer of said data or said electronic document being made in accordance with the LECAM protocol.

6. A method according to claim 2, said authenticity verification being made by

a first set of data being generated in said first electronic card, said set of data being input into and stored in said internal storage of said first electronic card and being encrypted in said first electronic card by means of said encryption/decryption means of said first electronic card and said encryption key(s) stored in said internal storage of said first electronic card,

said first set of data being output from said first electronic card in encrypted form via said input/output gate of said first electronic card, being transferred via said first station to said first computer system and being transferred therefrom via said interfacing means of said first computer system to said data transmission line,

said first set of data being received by said second computer system in encrypted form via said interfacing means of said second computer system, being transferred to said second electronic card via said second station and via said input/output gate of said second electronic card, being input into and temporarily stored in said internal storage of said second electronic card,

said first set of data received by said second computer system in encrypted form being output from said internal storage of said second electronic card and being decrypted in said second electronic card by means of said encryption/decryption means of said second electronic card and said decryption key(s) stored in said internal storage of said second electronic card,

said first set of data received by said second computer system in encrypted form and decrypted in said second electronic card being input into and stored in said internal storage of said second electronic card,

a second set of data being generated in said second electronic card, said second set of data being input into and stored in said internal storage of said second electronic card,

a first combination of said first set of data received by said second computer system in encrypted form, decrypted and stored in said internal storage of said second electronic card and said second set of data stored in said internal storage of said second electronic card being generated in said second electronic card, said first combination being input into and stored in said internal storage of said second electronic card,

said first combination being encrypted in said second electronic card by means of said encryption/decryption means of said second electronic card and said encryption key(s) stored in said internal storage of said second electronic card,

said first combination being output from said second electronic card in encrypted form via said input/output gate of said second electronic card, being transferred via said second station to said second computer system and being transferred therefrom via said interfacing means of said second computer system to said data transmission line,

said first combination being received by said first computer system in encrypted form via said interfacing means of said first computer system, being transferred to said first electronic card via said first station and via said input/output gate of said first electronic card, being input into and temporarily stored in said internal storage of said first electronic card,

said first combination received by said first computer system in encrypted form being output from said internal storage of said first electronic card and being decrypted in said first electronic card by means of encryption/decryption means of said first electronic card and said decryption key(s) stored in said internal storage of said first electronic card,

said first combination received by said first computer system in encrypted form and decrypted in said first electronic card being input into and stored in said internal storage of said first electronic card,

said first combination stored in said internal storage of said first electronic card being decombined for producing a first set of data retransmitted to said first electronic card and a second set of data transferred to said first electronic card,

said first set of data retransmitted to said first electronic card and said second set of data transferred to said first electronic card being input into and stored in said internal storage of said first electronic card,

said first set of data stored in said internal storage of said first electronic card being compared to said first set of data retransmitted to said first electronic card and stored in said internal storage of said first electronic card for verification of identity between these sets of data for verification of the authenticity of said second electronic card relative to said first electronic card,

a third set of data being generated in said first electronic card, said third set of data being input into and stored in said internal storage of said first electronic card,

a second combination of said second set of data received in encrypted form by said first computer system, decrypted and stored in said internal storage of said first electronic card and said third set of data stored in said internal storage of said first electronic card being generated in said first electronic card, said second combination being input into and stored in said internal storage of said first electronic card,

said second combination being encrypted in said first electronic card by means of said encryption/decryption means of said first electronic card and said encryption key(s) stored in said internal storage of said first electronic card,

said second combination being output from said first electronic card in encrypted form via said input/output gate of said first electronic card, being transferred via said first station to said first computer system and being transferred therefrom via said interfacing means of said first computer system to said data transmission line,

said second combination being received by said second computer system in encrypted form via said interfacing means of said second computer system, being transferred to said second electronic card via said second station and via said input/output gate of said second electronic card, being input into and temporarily stored in said internal storage of said second electronic card,

said second combination received by said second computer system in encrypted form being output from said internal storage of said second electronic card and being decrypted in said second electronic card by means of said encryption/decryption means of said second electronic card and said decryption key(s) stored in said internal storage of said second electronic card,

said second combination received by said second computer system in encrypted form and decrypted being input into and stored in said internal storage of said second electronic card,

said second combination stored in said internal storage of said second electronic card being decombined for producing a second set of data retransmitted to said second electronic card and third set of data transferred to said second electronic card,

said second set of data retransmitted to said second electronic card and said third set of data transferred to said second electronic card being input into and stored in said internal storage of said second electronic card, and

said second set of data stored in said internal storage of said second electronic card being compared to second set of data retransmitted to said second electronic card and stored in said internal storage of said second electronic card for verification of identity between these sets of data for verification of the authenticity of said first electronic card relative to said second electronic card.

7. A method according to claim 3, said integrity verification being made by

a compacted version of said data or said electronic document being generated in said first computer system or said first electronic card, said compacted version being input into and stored in said internal storage of said first electronic card,

a compacted version of said data transferred to said second computer system or of said electronic document transferred to said second computer system being generated in said second computer system or in said second electronic card, said compacted version being input into and stored in said internal storage of said second electronic card,

said compacted version stored in said internal storage of said first electronic card being output from said internal storage of said first electronic card and encrypted in said first electronic card by means of said encryption/decryption means of said first electronic card and said encryption key(s) stored in said internal storage of said first electronic card,

said compacted data or document version encrypted by said encryption/decryption means of said first electronic card being output from said first electronic card via said input/output gate of said first electronic card, being transferred via said first station to said first computer system and being transferred therefrom via said interfacing means of said first computer system to said data transmission line,

said encrypted and compacted data or document version transferred from said first computer system being received by said second computer system via said interfacing means of said second computer system, being transferred to said second electronic card via said second station and via said input/output gate of said second electronic card, being input into and temporarily stored in said internal storage of said second electronic card,

said compacted data or document version received by said second computer system in encrypted form being output from said internal storage of said second electronic card and being decrypted in said second electronic card by means of said encryption/decryption means of said second electronic card and said decryption key(s) stored in said internal storage of said second electronic card,

said decrypted, compacted data or document version received by said second computer system in encrypted form and decrypted by said second electronic card being input into and stored in said internal storage of said second electronic card,

a comparison of said compacted data or document version stored in said second electronic card and said decrypted, compacted data or document version received by said second computer system in encrypted form and decrypted being made in said second electronic card for verification of the integrity of or identity between said data transferred from said first computer system and said data received by said second computer system or of the integrity of or identity between said electronic document transferred from said first computer system and said electronic document received by said second computer system.

8. A method according to claim 3, said integrity verification being made by

a compacted version of said data or said electronic document being generated in said first computer system or in said first electronic card, said compacted version being input into and stored in said internal storage of said first electronic card,

a compacted version of said data transferred to said second computer system or said electronic document transferred to said second computer system being generated in said second computer system or in said second electronic card, said compacted version being input into and stored in said internal storage of said second electronic card,

said compacted version stored in said internal storage of said second electronic card being output from said internal storage of said second electronic card and encrypted in said second electronic card by means of said encryption/decryption means of said second electronic card or said encryption key(s) stored in said internal storage of said second electronic card,

said compacted data or document version encrypted by said encryption/decryption means of said second electronic card being output from said second electronic card via said input/output gate of said second electronic card, being transferred via said second station to said second computer system and being transferred therefrom via said interfacing means of said second computer system to said data transmission line,

said encrypted and compacted data or document version transferred from said second computer system being received by said first computer system via said interfacing means of said first computer system, being transferred to said first electronic card via said first station and via said input/output gate of said first electronic card, being input into and temporarily stored in said internal storage of said first electronic card,

said compacted data or document version received by said first computer system in encrypted form being output from said internal storage of said first electronic card and being decrypted in said first electronic card by means of said encryption/decryption means of said first electronic card and said decryption key(s) stored in said internal storage of said first electronic card,

said decrypted, compacted data or document version received by said first computer system in encrypted form and decrypted by said first electronic card being input into and stored in said internal storage of said first electronic card,

a comparison of said compacted data or document version stored in said first electronic card and said decrypted, compacted data or document version received by said first computer system in encrypted form and decrypted being made in said first electronic card for verification of the integrity of or identity between said data transferred from said first computer system and said data received by said second computer system or of the integrity of or identity between said electronic document transferred from said first computer system and said electronic document received by said second computer system.

9. A method according to claims 6 and 7, wherein a transfer of a compacted data or document version from said first electronic card to said second electronic card as well as from said second electronic card to said first electronic card and a comparison of both transferred, compacted data or document versions and stored, compacted data or document versions in said two electronic cards are made for said integrity verification.

10. A method according to claim 6 or 8, said transfer of said compacted data or document version generated in said first computer system or in said first electronic card from said first electronic card to said second electronic card being made simultaneously with said transfer of said data or said electronic document itself, said data or electronic document and said compacted data or document version being combined and encrypted as a whole before said transfer.

11. A method according to claim 7 or 8, said transfer of said compacted data or document version generated in said second computer system or in said second electronic card from said second electronic card to said first electronic card being made simultaneously with a retransmission of said data or said electronic document received from said first electronic card from said second electronic card to said first electronic card, said data or electronic document to be retransmitted and said compacted data or document version being combined and encrypted as a whole before said transfer.

12. A method according to claims 9 and 10, wherein a simultaneous retransmission of said compacted data or document version received by said second electronic card and generated in said first computer system or in said first electronic card is made at said transfer of said compacted data or document version generated in said second computer system or in said second electronic card and said retransmission of said data or said electronic document from said second electronic card, both compacted data or document versions and said data or said electronic document to be retransmitted being combined and encrypted as a whole before said transfer.
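As an added example that is not part of the patent, the following Python simulates one run of the exchange of claims 6 to 12 between the two electronic cards: the three-message authenticity verification of claim 6, the transfer of the document together with its compacted version, combined and encrypted as a whole (claims 7 and 10), and the retransmission of the document with both compacted versions for the comparison in the first card (claims 8, 9, 11 and 12). Stations and computer systems only relay bytes, so they are left out. Assumed, because the claims do not fix them: the cards hold one shared symmetric key; the encryption/decryption means is a toy nonce-based HMAC-SHA256 keystream cipher; a "combination" is a length-prefixed concatenation; and the compacted version is a SHA-256 digest.

```python
# Added example (not from the patent): one run of the card-to-card exchange of
# claims 6 to 12. Stations and computer systems only relay bytes and are omitted.
# Assumptions: the cards share one coherent symmetric key; the encryption means is
# a toy nonce-based HMAC-SHA256 keystream XOR; a "combination" is a length-prefixed
# concatenation; the "compacted version" of a document is its SHA-256 digest.
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16

def _keystream(key, nonce, length):
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                    for i in range(blocks))[:length]

def card_encrypt(key, data):
    nonce = os.urandom(NONCE_LEN)  # fresh per message, so the keystream never repeats
    return nonce + bytes(d ^ k for d, k in zip(data, _keystream(key, nonce, len(data))))

def card_decrypt(key, blob):
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))

def combine(a, b):
    """Combination of two data sets: 2-byte length of the first, then both."""
    return struct.pack(">H", len(a)) + a + b

def decombine(blob):
    n = struct.unpack(">H", blob[:2])[0] if len(blob) >= 2 else 0
    return blob[2:2 + n], blob[2 + n:]

def compact(document):
    return hashlib.sha256(document).digest()

class Card:
    """Holds the coherent key and an internal storage; every step runs inside the card."""
    def __init__(self, key):
        self.key, self.store = key, {}

    # claim 6: mutual authenticity verification with three random data sets
    def auth_start(self):
        self.store["r1"] = os.urandom(8)
        return card_encrypt(self.key, self.store["r1"])

    def auth_respond(self, msg1):
        self.store["r1"], self.store["r2"] = card_decrypt(self.key, msg1), os.urandom(8)
        return card_encrypt(self.key, combine(self.store["r1"], self.store["r2"]))

    def auth_check_and_answer(self, msg2):
        r1_back, r2 = decombine(card_decrypt(self.key, msg2))
        if not hmac.compare_digest(r1_back, self.store["r1"]):
            raise ValueError("second card failed authenticity verification")
        self.store["r2"], self.store["r3"] = r2, os.urandom(8)
        return card_encrypt(self.key, combine(r2, self.store["r3"]))

    def auth_finish(self, msg3):
        r2_back, self.store["r3"] = decombine(card_decrypt(self.key, msg3))
        if not hmac.compare_digest(r2_back, self.store["r2"]):
            raise ValueError("first card failed authenticity verification")

    # claims 7 and 10: document and its compacted version, combined and encrypted as a whole
    def send_document(self, document):
        self.store["compact_sent"] = compact(document)
        return card_encrypt(self.key, combine(document, self.store["compact_sent"]))

    # claims 7, 11 and 12: verify integrity, then retransmit document with both compacted versions
    def receive_document(self, msg):
        document, compact_received = decombine(card_decrypt(self.key, msg))
        own = compact(document)
        if not hmac.compare_digest(own, compact_received):
            raise ValueError("integrity verification failed in second card")
        return document, card_encrypt(self.key, combine(combine(document, own), compact_received))

    # claims 8 and 9: the first card compares the returned compacted versions with its own
    def confirm(self, msg):
        inner, compact_echoed = decombine(card_decrypt(self.key, msg))
        document_back, compact_second = decombine(inner)
        sent = self.store["compact_sent"]
        return all(hmac.compare_digest(x, sent)
                   for x in (compact_second, compact_echoed, compact(document_back)))

def run_session(key_first, key_second, document, flip_byte=None):
    """Full exchange between two cards. Returns "ok", "auth-failed" or
    "integrity-failed"; flip_byte, if given, corrupts that byte of the
    encrypted document message in transit."""
    first, second = Card(key_first), Card(key_second)
    try:
        second.auth_finish(first.auth_check_and_answer(second.auth_respond(first.auth_start())))
    except ValueError:
        return "auth-failed"
    msg = bytearray(first.send_document(document))
    if flip_byte is not None:
        msg[flip_byte] ^= 0x01
    try:
        received, echo = second.receive_document(bytes(msg))
    except ValueError:
        return "integrity-failed"
    return "ok" if received == document and first.confirm(echo) else "mismatch"
```

run_session(key, key, doc) returns "ok" for coherent keys, "auth-failed" when the two cards' keys do not match (the second card cannot return the first random set intact, so the comparison in the first card fails before any document is sent), and "integrity-failed" when a byte of the document is altered in transit (the compacted version computed in the second card no longer matches the one that travelled with the document). All three decisions are taken inside the Card objects, which is the autonomy claim 4 asks for; the computer systems never see a key or a plaintext.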

13. A method of transferring data, an electronic document or the like from a first computer system to a second computer system via a data transmission line, e.g. a public data transmission line, wherein for said transfer

a first station is used, which is secured against illegal entry, i.e. a so-called "tamper-proof" station, for outputting data from and inputting data into a first card, said first station being connected to and communicating with said first computer system and furthermore being connected to said data transmission line via said first computer system and interfacing means, and said first station having a central processing unit, an internal storage, an input/output means for outputting data from and inputting data into said first card as well as an encryption/decryption means, and

a second station is used, which is secured against illegal entry, i.e. a so-called "tamper-proof" station, for outputting data from and inputting data into a second card, said second station being connected to and communicating with said second computer system and furthermore being connected to said data transmission line via said second computer system and interfacing means, and said second station having a central data processing unit, an internal storage, an input/output means for outputting data from and inputting data into said second card as well as an encryption/decryption means,

said first and second card constituting a coherent set of cards comprising coherent data input into said cards concerning said coherent encryption/decryption keys stored in said internal storages of said corresponding stations,

said data or said electronic document being transferred to said first station and being input into and temporarily stored in said internal storage of said first station,

said data or said electronic document being output from said internal storage of said first station and being encrypted in said first station by means of said encryption/decryption means of said first station and said encryption key(s) stored in said internal storage of said first station,

said data or said electronic document being output from said first station to said first computer system in encrypted form and therefrom via said interfacing means of said first computer system to said data transmission line,

said data or said electronic document being received by said second computer system in encrypted form via said interfacing means of said second computer system, being transferred to said second station, being input into and temporarily stored in said internal storage of said second station,

said data or said electronic document received in encrypted form being decrypted in said second station by means of said encryption/decryption means of said second station and said decryption key(s) stored in said internal storage of said second station, and

said data or said electronic document in said second station being output from said second station after decryption to said second computer system.

14. A method according to claim 13, wherein a verification of the authenticity of said first card and said first station relative to said second card and said second station and vice versa is made prior to said transfer of said data or said electronic document from said first computer system to said second computer system.

15. A method according to claim 13 or 14, at said transfer of said data or said electronic document from said first computer system to said second computer system, a verification of the integrity of said data or document transfer being made.

16. A method according to any of claims 13-15, said inputting into, said outputting from, said encryption and said decryption and possibly said authenticity and integrity verification being controlled autonomously by said central data processing unit of said individual station.

17. A method according to any of the claims 13-16, said transfer of said data or said electronic document being made in accordance with the LECAM protocol.

18. A method according to claim 14, said authenticity verification being made by
a first set of data being generated in said first station, said set of data being input into and stored in said internal storage of said first station and being encrypted in said first station by means of said encryption/decryption means of said first station and said encryption key(s) stored in said internal storage of said first station,

said first set of data being output from said first station in encrypted form via said input/output gate of said first station, being transferred to said first computer system and being transferred therefrom via said interfacing means of said first computer system to said data transmission line,

said first set of data being received by said second computer system in encrypted form via said interfacing means of said second computer system, being transferred to said second station via said input/output gate of said second station, being input into and temporarily stored in said internal storage of said second station,

said first set of data received by said second computer system in encrypted form being output from said internal storage of said second station and being decrypted in said second station by means of said encryption/decryption means of said second station and said decryption key(s) stored in said internal storage of said second station,

said first set of data received by said second computer system in encrypted form and decrypted in said second station being input into and stored in said internal storage of said second station,

a second set of data being generated in said second station, said second set of data being input into and stored in said internal storage of said second station,

a first combination of said first set of data received by said second computer system in encrypted form, decrypted and stored in said internal storage of said second station and said second set of data stored in said internal storage of said second station being generated in said second station, said first combination being input into and stored in said internal storage of said second station,

said first combination being encrypted in said second station by means of said encryption/decryption means of said second station and said encryption key(s) stored in said internal storage of said second station,

said first combination being output from said second station in encrypted form via said input/output gate of said second station, being transferred to said second computer system and being transferred therefrom via said interfacing means of said second computer system to said data transmission line,

said first combination being received by said first computer system in encrypted form via said interfacing means of said first computer system, being transferred to said first station via said input/output gate of said first station, being input into and temporarily stored in said internal storage of said first station,

said first combination received by said first computer system in encrypted form being output from said internal storage of said first station and being decrypted in said first station by means of encryption/decryption means of said first station and said decryption key(s) stored in said internal storage of said first station,

said first combination received by said first computer system in encrypted form and decrypted in said first station being input into and stored in said internal storage of said first station,

said first combination stored in said internal storage of said first station being decombined for producing a first set of data retransmitted to said first station and a second set of data transferred to said first station,

said first set of data retransmitted to said first station and said second set of data transferred to said first station being input into and stored in said internal storage of said first station,

said first set of data stored in said internal storage of said first station being compared to said first set of data retransmitted to said first station and stored in said internal storage of said first station for verification of identity between these sets of data for verification of the authenticity of said second card and said second station relative to said first card and said first station,

a third set of data being generated in said first station, said third set of data being input into and stored in said internal storage of said first station,

a second combination of said second set of data received in encrypted form by said first computer system, decrypted and stored in said internal storage of said first station and said third set of data stored in said internal storage of said first station, being generated in said first station, said second combination being input into and stored in said internal storage of said first station,

said second combination being encrypted in said first station by means of said encryption/decryption means of said first station and said encryption key(s) stored in said internal storage of said first station,

said second combination being output from said first station in encrypted form via said input/output gate of said first station, being transferred to said first computer system and being transferred therefrom via said interfacing means of said first computer system to said data transmission line,

said second combination being received by said second computer system in encrypted form via said interfacing means of said second computer system, being transferred to said second station via said input/output gate of said second station, being input into and temporarily stored in said internal storage of said second station,

said second combination received by said second computer system in encrypted form being output from said internal storage of said second station and being decrypted in said second station by means of said encryption/decryption means of said second station and said decryption key(s) stored in said internal storage of said second station,

said second combination received by said second computer system in encrypted form and decrypted in said second station being input into and stored in said internal storage of said second station,

said second combination stored in said internal storage of said second station being decombined for producing a second set of data retransmitted to said second station and third set of data transferred to said second station,

said second set of data retransmitted to said second station and said third set of data transferred to said second station being input into and stored in said internal storage of said second station, and

said second set of data stored in said internal storage of said second station being compared to second set of data retransmitted to said second station and stored in said internal storage of said second station for verification of identity between these sets of data for verification of the authenticity of said first card and said first station relative to said second card and said second station.

19. A method according to claim 15, said integrity verification being made by
a compacted version of said data or said electronic document being generated in said first computer system or said first station, said compacted version being input into and stored in said internal storage of said first station,

a compacted version of said data transferred to said second computer system or of said electronic document transferred to said second computer system being generated in said second computer system or in said second station, said compacted version being input into and stored in said internal storage of said second station,

said compacted version stored in said internal storage of said first station being output from said internal storage of said first station and encrypted in said first station by means of said encryption/decryption means of said first station and said encryption key(s) stored in said internal storage of said first station,

said compacted data or document version encrypted by said encryption/decryption means of said first station being output from said first station via said input/output gate of said first station, being transferred to said first computer system and being transferred therefrom via said interfacing means of said first computer system to said data transmission line,

said encrypted and compacted data or document version transferred from said first computer system being received by said second computer system via said interfacing means of said second computer system, being transferred to said second station via said input/output gate of said second station, being input into and temporarily stored in said internal storage of said second station,

said compacted data or document version received by said second computer system in encrypted form being output from said internal storage of said second station and being decrypted in said second station by means of said encryption/decryption means of said second station and said decryption key(s) stored in said internal storage of said second station,

said decrypted, compacted data or document version received by said second computer system in encrypted form and decrypted by said second station being input into and stored in said internal storage of said second station,

a comparison of said compacted data or document version stored in said second station and said decrypted, compacted data or document version received by said second computer system in encrypted form and decrypted being made in said second station for verification of the integrity of or identity between said data transferred from said first computer system and said data received by said second computer system or of the integrity of or identity between said electronic document transferred from said first computer system and said electronic document received by said second computer system.

20. A method according to claim 15, said integrity verification being made by
a compacted version of said data or said electronic document being generated in said first computer system or in said first station, said compacted version being input into and stored in said internal storage of said first station,

a compacted version of said data transferred to said second computer system or said electronic document transferred to said second computer system being generated in said second computer system or in said second station, said compacted version being input into and stored in said internal storage of said second station,

said compacted version stored in said internal storage of said second station being output from said internal storage of said second station and encrypted in said second station by means of said encryption/decryption means of said second station or said encryption key(s) stored in said internal storage of said second station,

said compacted data or document version encrypted by said encryption/decryption means of said second station being output from said second station via said input/output gate of said second station, being transferred to said second computer system and being transferred therefrom via said interfacing means of said second computer system to said data transmission line,

said encrypted and compacted data or document version transferred from said second computer system being received by said first computer system via said interfacing means of said first computer system, being transferred to said first station via said input/output gate of said first station, being input into and temporarily stored in said internal storage of said first station,

said compacted data or document version received by said first computer system in encrypted form being output from said internal storage of said first station and being decrypted in said first station by means of said encryption/decryption means of said first station and said decryption key(s) stored in said internal storage of said first station,

said decrypted, compacted data or document version received by said first computer system in encrypted form and decrypted by said first station being input into and stored in said internal storage of said first station,

a comparison of said compacted data or document version stored in said first station and said decrypted, compacted data or document version received by said first computer system in encrypted form and decrypted being made in said first station for verification of the integrity of or identity between said data transferred from said first computer system and said data received by said second computer system or of the integrity of or identity between said electronic document transferred from said first computer system and said electronic document received by said second computer system.
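The mutual authenticity verification of claim 18 and the integrity verification of claims 19 and 20, modelled in Python as an added example that is not part of the patent. The card's DES encryption/decryption means is replaced by a stand-in SHA-256 keystream cipher, the "compacted version" by a SHA-256 digest and the "combination" by plain concatenation; `Station`, `card_encrypt`, `mutual_authentication` and `integrity_check` are assumed names, and the sample key in the comments is constructed.

```python
import hashlib, hmac, os

def _xor_stream(key, iv, data):
    # SHA-256 counter-mode keystream XORed onto data; the same call decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], ks))
    return bytes(out)

def card_encrypt(key, plaintext):
    # Stand-in for the card's encryption means (fresh IV prepended).
    iv = os.urandom(16)
    return iv + _xor_stream(key, iv, plaintext)

def card_decrypt(key, ciphertext):
    return _xor_stream(key, ciphertext[:16], ciphertext[16:])

def _decombine(data):
    # "Decombining" in claim 18: the combination is plain concatenation.
    return data[:16], data[16:]

class Station:
    def __init__(self, key):
        self.key = key      # coherent key held in the card's internal storage
        self.store = {}     # the station's internal storage

def mutual_authentication(a, b):
    # Claim 18. A generates, stores and encrypts a first set of data (a nonce).
    a.store["first"] = os.urandom(16)
    msg1 = card_encrypt(a.key, a.store["first"])
    # B decrypts and stores it, generates a second set, and returns the
    # encrypted combination first||second.
    b.store["first"] = card_decrypt(b.key, msg1)
    b.store["second"] = os.urandom(16)
    msg2 = card_encrypt(b.key, b.store["first"] + b.store["second"])
    # A decrypts, decombines and compares the retransmitted first set with
    # its stored copy: a match authenticates B's card relative to A's.
    first_back, a.store["second"] = _decombine(card_decrypt(a.key, msg2))
    if not hmac.compare_digest(first_back, a.store["first"]):
        return False
    # A generates a third set and returns the combination second||third.
    a.store["third"] = os.urandom(16)
    msg3 = card_encrypt(a.key, a.store["second"] + a.store["third"])
    # B decrypts, decombines and compares the second set, authenticating A.
    second_back, b.store["third"] = _decombine(card_decrypt(b.key, msg3))
    return hmac.compare_digest(second_back, b.store["second"])

def integrity_check(a, b, sent, received):
    # Claims 19/20: the sender encrypts the digest (compacted version) of the
    # document; the receiver digests what it got and compares the two.
    encrypted_digest = card_encrypt(a.key, hashlib.sha256(sent).digest())
    own_digest = hashlib.sha256(received).digest()
    return hmac.compare_digest(own_digest, card_decrypt(b.key, encrypted_digest))
```

With the same key in both stations (e.g. the constructed `b"\x01" * 16`) the exchange succeeds; with non-coherent keys the first comparison in A fails and the protocol stops before the third set is ever sent.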

21. A method according to claims 18 and 19, wherein a transfer of a compacted data or document version from said first station to said second station as well as from said second station to said first station and a comparison of both transferred, compacted data or document versions and stored, compacted data or document versions in said two stations are made for said integrity verification.

22. A method according to claim 18 or 20, said transfer of said compacted data or document version generated in said first computer system or in said first station from said first station to said second station being made simultaneously with said transfer of said data or said electronic document itself, said data or electronic document and said compacted data or document version being combined and encrypted as a whole before said transfer.

23. A method according to claim 19 or 20, said transfer of said compacted data or document version generated in said second computer system or in said second station from said second station to said first station being made simultaneously with a retransmission of said data or said electronic document received from said first station from said second station to said first station, said data or electronic document to be retransmitted and said compacted data or document version being combined and encrypted as a whole before said transfer.

24. A method according to claims 21 and 22, wherein a simultaneous retransmission of said compacted data or document version received by said second station and generated in said first computer system or in said first station is made at said transfer of said compacted data or document version generated in said second computer system or in said second station and said retransmission of said data or said electronic document from said second station, both compacted data or document versions and said data or said electronic document to be retransmitted being combined and encrypted as a whole before said transfer.

25. A system for said transfer of data, an electronic document or the like from a first computer system to a second computer system, which second computer system is autonomous in relation to said first computer system, via a data transmission line, e.g. a public data transmission line, according to the method of any of the claims 1-12, said system comprising said first station and said second station, which are connected to and communicate with said first and said second computer system, respectively, and which furthermore via said first and said second computer system, respectively, and said corresponding interfacing means are connected to said data transmission line, as well as said first and said second electronic card, which constitute a coherent set of cards comprising said coherent encryption/decryption keys input into said internal storages of said cards.

26. A system according to claim 25, said first and said second electronic card being of the type DES Smart Card (Philips), Super Smart Card (Bull) or CPS Smart Card (Bull).

27. A system for transferring data, an electronic document or the like from a first computer system to a second computer system, which is autonomous in relation to said first computer system, via a data transmission line, e.g. a public data transmission line, according to the method of any of claims 12-15, said system comprising said first station and said second station, which are connected to and communicate with said first and said second computer system, respectively, and which furthermore via said first and said second computer system, respectively, and corresponding interfacing means being connected to said data transmission line, as well as said first and said second card, which constitute a coherent set of cards comprising said coherent data input into said cards concerning said coherent encryption/decryption keys stored in said internal storages of said corresponding stations.
28. A system according to claim 27, said first and said second card being a magnetic card, an electronic card of the type DES Smart Card (Philips), Super Smart Card (Bull) or CPS Smart Card (Bull) or a similar card.

29. An electronic card comprising a central data processing unit, an internal storage, an input/output gate for communication with a corresponding station for outputting data from and inputting data into said electronic card as well as an encryption/decryption means, said card constituting a first electronic card of a coherent set of cards comprising said first electronic card and a second electronic card, said electronic cards having coherent encryption/decryption keys and being designed to be used in accordance with the method according to any of the claims 1-12.

30. An electronic card according to claim 29, said first and said second electronic card being of the type DES Smart Card (Philips), Super Smart Card (Bull) or CPS Smart Card (Bull).